################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2024-11-21 08:34:23 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298165/; classtype:trojan-activity;sid:84161265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.96.108.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298164/; classtype:trojan-activity;sid:84161264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.216.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298163/; classtype:trojan-activity;sid:84161263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.10.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298162/; classtype:trojan-activity;sid:84161262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.137.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298161/; classtype:trojan-activity;sid:84161261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298160/; classtype:trojan-activity;sid:84161260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.46.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298159/; classtype:trojan-activity;sid:84161259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.14.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298158/; classtype:trojan-activity;sid:84161258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.39.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298155/; classtype:trojan-activity;sid:84161255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.251.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298154/; classtype:trojan-activity;sid:84161254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.212.241.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298153/; classtype:trojan-activity;sid:84161253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.114.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298152/; classtype:trojan-activity;sid:84161252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.162.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298151/; classtype:trojan-activity;sid:84161251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.216.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298150/; classtype:trojan-activity;sid:84161250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.153.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298148/; classtype:trojan-activity;sid:84161248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.35.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298149/; classtype:trojan-activity;sid:84161249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.161.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298147/; classtype:trojan-activity;sid:84161247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.215.167.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298145/; classtype:trojan-activity;sid:84161245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.120.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298146/; classtype:trojan-activity;sid:84161246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.162.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298144/; classtype:trojan-activity;sid:84161244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298142/; classtype:trojan-activity;sid:84161242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.46.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298143/; classtype:trojan-activity;sid:84161243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.104.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298141/; classtype:trojan-activity;sid:84161241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.34.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298140/; classtype:trojan-activity;sid:84161240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.161.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298138/; classtype:trojan-activity;sid:84161238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.234.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298139/; classtype:trojan-activity;sid:84161239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.134.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298137/; classtype:trojan-activity;sid:84161237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.153.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298136/; classtype:trojan-activity;sid:84161236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.112.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298135/; classtype:trojan-activity;sid:84161235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298134/; classtype:trojan-activity;sid:84161234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.35.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298130/; classtype:trojan-activity;sid:84161230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.183.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298131/; classtype:trojan-activity;sid:84161231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.208.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298132/; classtype:trojan-activity;sid:84161232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.143.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298133/; classtype:trojan-activity;sid:84161233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.120.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298129/; classtype:trojan-activity;sid:84161229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.52.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298128/; classtype:trojan-activity;sid:84161228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.126.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298127/; classtype:trojan-activity;sid:84161227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.15.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298126/; classtype:trojan-activity;sid:84161226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.111.117.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298125/; classtype:trojan-activity;sid:84161225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.104.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298124/; classtype:trojan-activity;sid:84161224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298122/; classtype:trojan-activity;sid:84161222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.124.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298123/; classtype:trojan-activity;sid:84161223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.53.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298121/; classtype:trojan-activity;sid:84161221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.55.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298120/; classtype:trojan-activity;sid:84161220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.215.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298119/; classtype:trojan-activity;sid:84161219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.34.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298118/; classtype:trojan-activity;sid:84161218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.80.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298117/; classtype:trojan-activity;sid:84161217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.234.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298116/; classtype:trojan-activity;sid:84161216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.161.62.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298115/; classtype:trojan-activity;sid:84161215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.24.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298114/; classtype:trojan-activity;sid:84161214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.241.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298113/; classtype:trojan-activity;sid:84161213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.220.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298112/; classtype:trojan-activity;sid:84161212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.82.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298111/; classtype:trojan-activity;sid:84161211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.213.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298108/; classtype:trojan-activity;sid:84161208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298107/; classtype:trojan-activity;sid:84161207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.184.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298106/; classtype:trojan-activity;sid:84161206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298100)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.216.17.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298100/; classtype:trojan-activity;sid:84161200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298101)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.216.17.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298101/; classtype:trojan-activity;sid:84161201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.223.185.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298102/; classtype:trojan-activity;sid:84161202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.167.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298104/; classtype:trojan-activity;sid:84161204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.21.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298105/; classtype:trojan-activity;sid:84161205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.187.17.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298099/; classtype:trojan-activity;sid:84161199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298097/; classtype:trojan-activity;sid:84161197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.242.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298096/; classtype:trojan-activity;sid:84161196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.46.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298090/; classtype:trojan-activity;sid:84161190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.118.13.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298091/; classtype:trojan-activity;sid:84161191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.221.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298092/; classtype:trojan-activity;sid:84161192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.196.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298093/; classtype:trojan-activity;sid:84161193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.192.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298084/; classtype:trojan-activity;sid:84161184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.124.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298085/; classtype:trojan-activity;sid:84161185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298087/; classtype:trojan-activity;sid:84161187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.255.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298088/; classtype:trojan-activity;sid:84161188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.230.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298089/; classtype:trojan-activity;sid:84161189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.191.21.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298080/; classtype:trojan-activity;sid:84161180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.87.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298081/; classtype:trojan-activity;sid:84161181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.19.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298082/; classtype:trojan-activity;sid:84161182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.92.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298079/; classtype:trojan-activity;sid:84161179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.227.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298078/; classtype:trojan-activity;sid:84161178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.225.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298077/; classtype:trojan-activity;sid:84161177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.80.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298076/; classtype:trojan-activity;sid:84161176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.244.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298075/; classtype:trojan-activity;sid:84161175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.58.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298073/; classtype:trojan-activity;sid:84161173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.35.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298072/; classtype:trojan-activity;sid:84161172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.59.0.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298071/; classtype:trojan-activity;sid:84161171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.90.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298070/; classtype:trojan-activity;sid:84161170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.247.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298069/; classtype:trojan-activity;sid:84161169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.128.154.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298068/; classtype:trojan-activity;sid:84161168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.235.215.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298064/; classtype:trojan-activity;sid:84161164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.83.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298065/; classtype:trojan-activity;sid:84161165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.83.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298066/; classtype:trojan-activity;sid:84161166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.199.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298067/; classtype:trojan-activity;sid:84161167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.243.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298062/; classtype:trojan-activity;sid:84161162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.209.67.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298063/; classtype:trojan-activity;sid:84161163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.202.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298061/; classtype:trojan-activity;sid:84161161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.224.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298060/; classtype:trojan-activity;sid:84161160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.69.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298059/; classtype:trojan-activity;sid:84161159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.244.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298058/; classtype:trojan-activity;sid:84161158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.107.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298057/; classtype:trojan-activity;sid:84161157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.86.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298056/; classtype:trojan-activity;sid:84161156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.222.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298055/; classtype:trojan-activity;sid:84161155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.84.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298054/; classtype:trojan-activity;sid:84161154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.227.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298053/; classtype:trojan-activity;sid:84161153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.223.136.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298052/; classtype:trojan-activity;sid:84161152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.87.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298051/; classtype:trojan-activity;sid:84161151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.195.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298049/; classtype:trojan-activity;sid:84161149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.36.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298050/; classtype:trojan-activity;sid:84161150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.33.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298048/; classtype:trojan-activity;sid:84161148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.52.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298046/; classtype:trojan-activity;sid:84161146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.86.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298045/; classtype:trojan-activity;sid:84161145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.203.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298044/; classtype:trojan-activity;sid:84161144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.221.221.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298042/; classtype:trojan-activity;sid:84161142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.253.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298041/; classtype:trojan-activity;sid:84161141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.191.175.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298040/; classtype:trojan-activity;sid:84161140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.161.62.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298038/; classtype:trojan-activity;sid:84161138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.190.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298037/; classtype:trojan-activity;sid:84161137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.217.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298036/; classtype:trojan-activity;sid:84161136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.129.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298035/; classtype:trojan-activity;sid:84161135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.33.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298033/; classtype:trojan-activity;sid:84161133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.228.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298034/; classtype:trojan-activity;sid:84161134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.245.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298032/; classtype:trojan-activity;sid:84161132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.223.136.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298031/; classtype:trojan-activity;sid:84161131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298030)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.13.92.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298030/; classtype:trojan-activity;sid:84161130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.48.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298029/; classtype:trojan-activity;sid:84161129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298027/; classtype:trojan-activity;sid:84161127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.108.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298026/; classtype:trojan-activity;sid:84161126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.154.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298024/; classtype:trojan-activity;sid:84161124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.119.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298023/; classtype:trojan-activity;sid:84161123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.73.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298022/; classtype:trojan-activity;sid:84161122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.93.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298020/; classtype:trojan-activity;sid:84161120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298019)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1ocoi0oahx25brhh0btpcqyjrulc7s98u"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298019/; classtype:trojan-activity;sid:84161119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298017)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=16yapfbxi3o_nwr-uwtjlkxr5-nbjkbcf"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298017/; classtype:trojan-activity;sid:84161117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.88.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298016/; classtype:trojan-activity;sid:84161116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.70.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298014/; classtype:trojan-activity;sid:84161114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.22.242.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298013/; classtype:trojan-activity;sid:84161113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.191.175.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298012/; classtype:trojan-activity;sid:84161112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298011/; classtype:trojan-activity;sid:84161111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.161.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298010/; classtype:trojan-activity;sid:84161110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.88.0.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298009/; classtype:trojan-activity;sid:84161109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.22.242.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298008/; classtype:trojan-activity;sid:84161108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.126.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298007/; classtype:trojan-activity;sid:84161107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.120.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298006/; classtype:trojan-activity;sid:84161106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.48.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298005/; classtype:trojan-activity;sid:84161105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.190.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298004/; classtype:trojan-activity;sid:84161104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.71.43.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298003/; classtype:trojan-activity;sid:84161103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.98.70.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298001/; classtype:trojan-activity;sid:84161101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.20.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298000/; classtype:trojan-activity;sid:84161100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.6.143"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297999/; classtype:trojan-activity;sid:84161099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.73.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297998/; classtype:trojan-activity;sid:84161098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297997/; classtype:trojan-activity;sid:84161097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297995/; classtype:trojan-activity;sid:84161095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.35.179.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297993/; classtype:trojan-activity;sid:84161093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.113.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297994/; classtype:trojan-activity;sid:84161094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.30.120.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297991/; classtype:trojan-activity;sid:84161091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297990/; classtype:trojan-activity;sid:84161090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.100.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297989/; classtype:trojan-activity;sid:84161089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.140.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297988/; classtype:trojan-activity;sid:84161088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.189.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297986/; classtype:trojan-activity;sid:84161086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297983)"; flow:established,from_client; content:"GET"; http_method; content:"/fld/whatsappweb.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"evdeultrasoneko.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297983/; classtype:trojan-activity;sid:84161083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297984)"; flow:established,from_client; content:"GET"; http_method; content:"/fld/archivonuevo.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"evdeultrasoneko.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297984/; classtype:trojan-activity;sid:84161084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297982)"; flow:established,from_client; content:"GET"; http_method; content:"/fld/archivonuevo.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"evdeultrasoneko.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297982/; classtype:trojan-activity;sid:84161082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.14.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297980/; classtype:trojan-activity;sid:84161080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297981/; classtype:trojan-activity;sid:84161081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.171.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297979/; classtype:trojan-activity;sid:84161079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.101.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297978/; classtype:trojan-activity;sid:84161078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.174.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297976/; classtype:trojan-activity;sid:84161076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.123.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297977/; classtype:trojan-activity;sid:84161077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.189.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297974/; classtype:trojan-activity;sid:84161074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.93.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297973/; classtype:trojan-activity;sid:84161073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.162.39.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297972/; classtype:trojan-activity;sid:84161072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.14.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297971/; classtype:trojan-activity;sid:84161071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.170.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297970/; classtype:trojan-activity;sid:84161070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.172.55.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297969/; classtype:trojan-activity;sid:84161069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.215.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297967/; classtype:trojan-activity;sid:84161067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.9.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297966/; classtype:trojan-activity;sid:84161066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.154.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297964/; classtype:trojan-activity;sid:84161064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.133.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297962/; classtype:trojan-activity;sid:84161062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.237.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297961/; classtype:trojan-activity;sid:84161061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.154.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297960/; classtype:trojan-activity;sid:84161060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.222.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297959/; classtype:trojan-activity;sid:84161059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.118.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297958/; classtype:trojan-activity;sid:84161058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.25.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297956/; classtype:trojan-activity;sid:84161056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.203.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297955/; classtype:trojan-activity;sid:84161055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.14.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297954/; classtype:trojan-activity;sid:84161054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.175.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297953/; classtype:trojan-activity;sid:84161053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.105.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297951/; classtype:trojan-activity;sid:84161051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.96.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297949/; classtype:trojan-activity;sid:84161049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.28.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297947/; classtype:trojan-activity;sid:84161047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.122.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297946/; classtype:trojan-activity;sid:84161046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.172.55.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297942/; classtype:trojan-activity;sid:84161042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.186.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297943/; classtype:trojan-activity;sid:84161043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.98.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297939/; classtype:trojan-activity;sid:84161039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.53.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297938/; classtype:trojan-activity;sid:84161038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.120.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297935/; classtype:trojan-activity;sid:84161035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297933/; classtype:trojan-activity;sid:84161033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.60.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297934/; classtype:trojan-activity;sid:84161034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.199.146.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297932/; classtype:trojan-activity;sid:84161032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.15.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297928/; classtype:trojan-activity;sid:84161028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.22.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297929/; classtype:trojan-activity;sid:84161029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.95.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297930/; classtype:trojan-activity;sid:84161030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.170.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297927/; classtype:trojan-activity;sid:84161027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.172.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297925/; classtype:trojan-activity;sid:84161025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.96.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297926/; classtype:trojan-activity;sid:84161026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.4.124.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297924/; classtype:trojan-activity;sid:84161024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297923/; classtype:trojan-activity;sid:84161023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.244.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297922/; classtype:trojan-activity;sid:84161022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.77.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297921/; classtype:trojan-activity;sid:84161021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.112.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297919/; classtype:trojan-activity;sid:84161019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297918)"; flow:established,from_client; content:"GET"; http_method; content:"/guidanceconnectors.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"redappletravel.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297918/; classtype:trojan-activity;sid:84161018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.111.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297916/; classtype:trojan-activity;sid:84161016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.33.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297915/; classtype:trojan-activity;sid:84161015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.53.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297914/; classtype:trojan-activity;sid:84161014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.79.245.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297913/; classtype:trojan-activity;sid:84161013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.253.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297912/; classtype:trojan-activity;sid:84161012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.4.124.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297911/; classtype:trojan-activity;sid:84161011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.93.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297909/; classtype:trojan-activity;sid:84161009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.22.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297910/; classtype:trojan-activity;sid:84161010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.30.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297905/; classtype:trojan-activity;sid:84161005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.83.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297906/; classtype:trojan-activity;sid:84161006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.193.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297907/; classtype:trojan-activity;sid:84161007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.192.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297908/; classtype:trojan-activity;sid:84161008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.95.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297904/; classtype:trojan-activity;sid:84161004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.135.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297903/; classtype:trojan-activity;sid:84161003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.111.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297900/; classtype:trojan-activity;sid:84161000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.234.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297901/; classtype:trojan-activity;sid:84161001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.165.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297902/; classtype:trojan-activity;sid:84161002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.231.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297899/; classtype:trojan-activity;sid:84160999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.112.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297898/; classtype:trojan-activity;sid:84160998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.193.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297897/; classtype:trojan-activity;sid:84160997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.138.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297896/; classtype:trojan-activity;sid:84160996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.99.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297894/; classtype:trojan-activity;sid:84160994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.63.21.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297893/; classtype:trojan-activity;sid:84160993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.79.245.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297892/; classtype:trojan-activity;sid:84160992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.190.173.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297891/; classtype:trojan-activity;sid:84160991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.7.56.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297887/; classtype:trojan-activity;sid:84160987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.190.173.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297886/; classtype:trojan-activity;sid:84160986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.192.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297885/; classtype:trojan-activity;sid:84160985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.103.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297882/; classtype:trojan-activity;sid:84160982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.215.167.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297881/; classtype:trojan-activity;sid:84160981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297879/; classtype:trojan-activity;sid:84160979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.101.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297878/; classtype:trojan-activity;sid:84160978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.236.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297876/; classtype:trojan-activity;sid:84160976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.10.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297877/; classtype:trojan-activity;sid:84160977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.21.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297873/; classtype:trojan-activity;sid:84160973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.81.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297871/; classtype:trojan-activity;sid:84160971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.7.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297869/; classtype:trojan-activity;sid:84160969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.48.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297866/; classtype:trojan-activity;sid:84160966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.39.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297863/; classtype:trojan-activity;sid:84160963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.75.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297861/; classtype:trojan-activity;sid:84160961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.7.56.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297860/; classtype:trojan-activity;sid:84160960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.113.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297859/; classtype:trojan-activity;sid:84160959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.229.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297858/; classtype:trojan-activity;sid:84160958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.122.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297857/; classtype:trojan-activity;sid:84160957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.96.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297856/; classtype:trojan-activity;sid:84160956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.101.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297854/; classtype:trojan-activity;sid:84160954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.169.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297853/; classtype:trojan-activity;sid:84160953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.236.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297852/; classtype:trojan-activity;sid:84160952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.48.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297850/; classtype:trojan-activity;sid:84160950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.244.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297849/; classtype:trojan-activity;sid:84160949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.97.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297847/; classtype:trojan-activity;sid:84160947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.37.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297845/; classtype:trojan-activity;sid:84160945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297844/; classtype:trojan-activity;sid:84160944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.36.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297841/; classtype:trojan-activity;sid:84160941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.105.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297840/; classtype:trojan-activity;sid:84160940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.75.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297838/; classtype:trojan-activity;sid:84160938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.97.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297837/; classtype:trojan-activity;sid:84160937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.53.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297836/; classtype:trojan-activity;sid:84160936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.6.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297834/; classtype:trojan-activity;sid:84160934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.53.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297833/; classtype:trojan-activity;sid:84160933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.179.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297829/; classtype:trojan-activity;sid:84160929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.247.85.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297827/; classtype:trojan-activity;sid:84160927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.45.144.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297825/; classtype:trojan-activity;sid:84160925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.97.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297824/; classtype:trojan-activity;sid:84160924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.21.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297822/; classtype:trojan-activity;sid:84160922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297821)"; flow:established,from_client; content:"GET"; http_method; content:"/x/sillyshelf.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.216.20.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297821/; classtype:trojan-activity;sid:84160921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.45.144.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297817/; classtype:trojan-activity;sid:84160917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.253.55.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297816/; classtype:trojan-activity;sid:84160916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.82.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297814/; classtype:trojan-activity;sid:84160914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.247.85.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297813/; classtype:trojan-activity;sid:84160913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.146.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297809/; classtype:trojan-activity;sid:84160909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.125.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297807/; classtype:trojan-activity;sid:84160907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.78.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297806/; classtype:trojan-activity;sid:84160906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.255.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297804/; classtype:trojan-activity;sid:84160904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.251.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297803/; classtype:trojan-activity;sid:84160903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.46.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297801/; classtype:trojan-activity;sid:84160901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.70.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297798/; classtype:trojan-activity;sid:84160898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.9.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297796/; classtype:trojan-activity;sid:84160896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.38.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297795/; classtype:trojan-activity;sid:84160895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.59.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297788/; classtype:trojan-activity;sid:84160888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.44.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297790/; classtype:trojan-activity;sid:84160890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.186.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297791/; classtype:trojan-activity;sid:84160891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.197.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297787/; classtype:trojan-activity;sid:84160887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.179.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297786/; classtype:trojan-activity;sid:84160886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.70.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297782/; classtype:trojan-activity;sid:84160882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.5.54.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297781/; classtype:trojan-activity;sid:84160881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.106.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297778/; classtype:trojan-activity;sid:84160878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.227.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297775/; classtype:trojan-activity;sid:84160875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.35.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297776/; classtype:trojan-activity;sid:84160876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.78.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297774/; classtype:trojan-activity;sid:84160874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.209.134.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297772/; classtype:trojan-activity;sid:84160872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297770/; classtype:trojan-activity;sid:84160870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.181.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297766/; classtype:trojan-activity;sid:84160866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.239.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297767/; classtype:trojan-activity;sid:84160867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.179.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297765/; classtype:trojan-activity;sid:84160865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.185.171.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297764/; classtype:trojan-activity;sid:84160864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.184.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297762/; classtype:trojan-activity;sid:84160862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.59.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297760/; classtype:trojan-activity;sid:84160860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.164.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297761/; classtype:trojan-activity;sid:84160861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.78.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297756/; classtype:trojan-activity;sid:84160856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.107.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297757/; classtype:trojan-activity;sid:84160857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.171.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297753/; classtype:trojan-activity;sid:84160853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297750)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/nube-f5f04.appspot.com/o/ansy.txt|3f|alt=media|7c|26|7c|token=703d87ea-0284-408f-b949-21b01138d2a5"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297750/; classtype:trojan-activity;sid:84160850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.191.83.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297749/; classtype:trojan-activity;sid:84160849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.154.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297748/; classtype:trojan-activity;sid:84160848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.209.134.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297747/; classtype:trojan-activity;sid:84160847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297745)"; flow:established,from_client; content:"GET"; http_method; content:"/downloadrepe/downloadrepe12/downloads/remco.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297745/; classtype:trojan-activity;sid:84160845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297744)"; flow:established,from_client; content:"GET"; http_method; content:"/downloadrepe/downloadrepe12/downloads/dcrrrraaatttt.txt"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297744/; classtype:trojan-activity;sid:84160844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.83.55.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297743/; classtype:trojan-activity;sid:84160843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297742)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rodriakd-8413d.appspot.com/o/dll%2fdllchichiiiiiii.txt|3f|alt=media|7c|26|7c|token=1a61f438-927c-41cf-bfb0-95bed96ea8c2"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297742/; classtype:trojan-activity;sid:84160842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297741)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/re7gknsp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297741/; classtype:trojan-activity;sid:84160841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.116.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297739/; classtype:trojan-activity;sid:84160839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.224.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297737/; classtype:trojan-activity;sid:84160837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297735)"; flow:established,from_client; content:"GET"; http_method; content:"/sostedcr.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"186.169.34.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297735/; classtype:trojan-activity;sid:84160835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297734)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"186.169.34.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297734/; classtype:trojan-activity;sid:84160834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.216.26.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297733/; classtype:trojan-activity;sid:84160833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297732)"; flow:established,from_client; content:"GET"; http_method; content:"/updates/system_update.ps1"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"139.84.238.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297732/; classtype:trojan-activity;sid:84160832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297730)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"139.84.238.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297730/; classtype:trojan-activity;sid:84160830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297731)"; flow:established,from_client; content:"GET"; http_method; content:"/run_payload.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"139.84.238.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297731/; classtype:trojan-activity;sid:84160831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.141.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297729/; classtype:trojan-activity;sid:84160829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297728)"; flow:established,from_client; content:"GET"; http_method; content:"/ttl.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"74.163.80.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297728/; classtype:trojan-activity;sid:84160828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.215.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297727/; classtype:trojan-activity;sid:84160827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.35.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297726/; classtype:trojan-activity;sid:84160826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.129.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297725/; classtype:trojan-activity;sid:84160825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.33.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297724/; classtype:trojan-activity;sid:84160824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.116.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297723/; classtype:trojan-activity;sid:84160823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.191.83.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297722/; classtype:trojan-activity;sid:84160822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.26.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297721/; classtype:trojan-activity;sid:84160821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.171.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297720/; classtype:trojan-activity;sid:84160820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.114.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297719/; classtype:trojan-activity;sid:84160819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.2.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297718/; classtype:trojan-activity;sid:84160818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.38.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297717/; classtype:trojan-activity;sid:84160817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.131.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297716/; classtype:trojan-activity;sid:84160816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.24.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297715/; classtype:trojan-activity;sid:84160815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.141.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297714/; classtype:trojan-activity;sid:84160814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.192.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297713/; classtype:trojan-activity;sid:84160813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.216.26.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297712/; classtype:trojan-activity;sid:84160812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.129.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297711/; classtype:trojan-activity;sid:84160811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297710/; classtype:trojan-activity;sid:84160810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.68.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297709/; classtype:trojan-activity;sid:84160809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.26.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297708/; classtype:trojan-activity;sid:84160808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.191.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297707/; classtype:trojan-activity;sid:84160807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.235.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297706/; classtype:trojan-activity;sid:84160806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.38.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297705/; classtype:trojan-activity;sid:84160805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.95.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297704/; classtype:trojan-activity;sid:84160804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297703)"; flow:established,from_client; content:"GET"; http_method; content:"/new_img.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.20.102.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297703/; classtype:trojan-activity;sid:84160803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297702)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/arsfcmp.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297702/; classtype:trojan-activity;sid:84160802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297701)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/dkdddhm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297701/; classtype:trojan-activity;sid:84160801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297687)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/bhcondezp.dat"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297687/; classtype:trojan-activity;sid:84160787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297688)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/pcfeybmwi.wav"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297688/; classtype:trojan-activity;sid:84160788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297689)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/rkfqslxbi.mp4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297689/; classtype:trojan-activity;sid:84160789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297690)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/eamfjsg.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297690/; classtype:trojan-activity;sid:84160790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297691)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/imbdeaa.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297691/; classtype:trojan-activity;sid:84160791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297692)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/foukq.dat"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297692/; classtype:trojan-activity;sid:84160792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297693)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/sjbmcgh.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297693/; classtype:trojan-activity;sid:84160793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297694)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/acienjp.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297694/; classtype:trojan-activity;sid:84160794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297695)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/nmpkerc.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297695/; classtype:trojan-activity;sid:84160795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297696)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/mfdkcim.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297696/; classtype:trojan-activity;sid:84160796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297697)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/phesamr.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297697/; classtype:trojan-activity;sid:84160797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297698)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/afkiabj.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297698/; classtype:trojan-activity;sid:84160798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297699)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/cgfhhni.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297699/; classtype:trojan-activity;sid:84160799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297700)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/rfcenrk.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297700/; classtype:trojan-activity;sid:84160800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297686)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/vpukwv.mp4"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297686/; classtype:trojan-activity;sid:84160786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297685)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/panel.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297685/; classtype:trojan-activity;sid:84160785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.32.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297684/; classtype:trojan-activity;sid:84160784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297682)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/reader_add-on.vbs"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297682/; classtype:trojan-activity;sid:84160782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297683)"; flow:established,from_client; content:"GET"; http_method; content:"/darkmanager/darko/downloads/kol_proposal.vbs"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297683/; classtype:trojan-activity;sid:84160783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.192.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297681/; classtype:trojan-activity;sid:84160781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.220.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297680/; classtype:trojan-activity;sid:84160780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.199.146.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297679/; classtype:trojan-activity;sid:84160779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.32.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297678/; classtype:trojan-activity;sid:84160778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297677/; classtype:trojan-activity;sid:84160777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297676)"; flow:established,from_client; content:"GET"; http_method; content:"/hector4576--/noviembre19/downloads/sos19nov.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297676/; classtype:trojan-activity;sid:84160776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.224.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297675/; classtype:trojan-activity;sid:84160775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.240.139.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297674/; classtype:trojan-activity;sid:84160774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.90.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297673/; classtype:trojan-activity;sid:84160773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.8.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297672/; classtype:trojan-activity;sid:84160772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297670)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.84.71.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297670/; classtype:trojan-activity;sid:84160770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.0.120.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297671/; classtype:trojan-activity;sid:84160771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297669)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.84.71.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297669/; classtype:trojan-activity;sid:84160769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.2.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297668/; classtype:trojan-activity;sid:84160768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297667)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.84.71.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297667/; classtype:trojan-activity;sid:84160767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297653)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.84.71.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297653/; classtype:trojan-activity;sid:84160753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297654)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.84.71.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297654/; classtype:trojan-activity;sid:84160754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297655)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.84.71.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297655/; classtype:trojan-activity;sid:84160755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297656)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.84.71.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297656/; classtype:trojan-activity;sid:84160756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297657)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.84.71.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297657/; classtype:trojan-activity;sid:84160757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297658)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.84.71.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297658/; classtype:trojan-activity;sid:84160758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297659)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.84.71.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297659/; classtype:trojan-activity;sid:84160759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297660)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.84.71.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297660/; classtype:trojan-activity;sid:84160760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297661)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.84.71.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297661/; classtype:trojan-activity;sid:84160761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297662)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"193.84.71.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297662/; classtype:trojan-activity;sid:84160762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.89.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297663/; classtype:trojan-activity;sid:84160763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297664/; classtype:trojan-activity;sid:84160764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.14.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297665/; classtype:trojan-activity;sid:84160765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297666/; classtype:trojan-activity;sid:84160766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297651)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.84.71.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297651/; classtype:trojan-activity;sid:84160751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297652)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.84.71.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297652/; classtype:trojan-activity;sid:84160752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297650/; classtype:trojan-activity;sid:84160750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.240.139.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297649/; classtype:trojan-activity;sid:84160749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297648)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ywp.guide.borden-carleton.ca"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297648/; classtype:trojan-activity;sid:84160748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.32.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297647/; classtype:trojan-activity;sid:84160747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.182.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297646/; classtype:trojan-activity;sid:84160746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297645/; classtype:trojan-activity;sid:84160745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.15.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297644/; classtype:trojan-activity;sid:84160744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.0.120.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297643/; classtype:trojan-activity;sid:84160743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297642)"; flow:established,from_client; content:"GET"; http_method; content:"/file/build4.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"66.63.187.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297642/; classtype:trojan-activity;sid:84160742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.87.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297641/; classtype:trojan-activity;sid:84160741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.63.107.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297640/; classtype:trojan-activity;sid:84160740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.31.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297639/; classtype:trojan-activity;sid:84160739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.228.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297638/; classtype:trojan-activity;sid:84160738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.70.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297637/; classtype:trojan-activity;sid:84160737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.70.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297636/; classtype:trojan-activity;sid:84160736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.149.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297635/; classtype:trojan-activity;sid:84160735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297633)"; flow:established,from_client; content:"GET"; http_method; content:"/api/module.ocx"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"shadon.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297633/; classtype:trojan-activity;sid:84160733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297634)"; flow:established,from_client; content:"GET"; http_method; content:"/api/canew.ocx"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"shadon.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297634/; classtype:trojan-activity;sid:84160734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.109.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297632/; classtype:trojan-activity;sid:84160732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297629)"; flow:established,from_client; content:"GET"; http_method; content:"/api/img_0952.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"shadon.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297629/; classtype:trojan-activity;sid:84160729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297630)"; flow:established,from_client; content:"GET"; http_method; content:"/api/img_0950.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"shadon.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297630/; classtype:trojan-activity;sid:84160730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297631)"; flow:established,from_client; content:"GET"; http_method; content:"/api/img_0955.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"shadon.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297631/; classtype:trojan-activity;sid:84160731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297627)"; flow:established,from_client; content:"GET"; http_method; content:"/api/module.ocx"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"65.20.104.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297627/; classtype:trojan-activity;sid:84160727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297628)"; flow:established,from_client; content:"GET"; http_method; content:"/api/canew.ocx"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"65.20.104.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297628/; classtype:trojan-activity;sid:84160728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297624)"; flow:established,from_client; content:"GET"; http_method; content:"/api/img_0950.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"65.20.104.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297624/; classtype:trojan-activity;sid:84160724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297625)"; flow:established,from_client; content:"GET"; http_method; content:"/api/img_0952.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"65.20.104.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297625/; classtype:trojan-activity;sid:84160725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297626)"; flow:established,from_client; content:"GET"; http_method; content:"/api/img_0955.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"65.20.104.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297626/; classtype:trojan-activity;sid:84160726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.139.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297623/; classtype:trojan-activity;sid:84160723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.166.43.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297622/; classtype:trojan-activity;sid:84160722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297621/; classtype:trojan-activity;sid:84160721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.49.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297620/; classtype:trojan-activity;sid:84160720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.148.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297619/; classtype:trojan-activity;sid:84160719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.31.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297618/; classtype:trojan-activity;sid:84160718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.150.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297617/; classtype:trojan-activity;sid:84160717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297616)"; flow:established,from_client; content:"GET"; http_method; content:"/work/xxx.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"segurofinalizar.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297616/; classtype:trojan-activity;sid:84160716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297614)"; flow:established,from_client; content:"GET"; http_method; content:"/work/das.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jaipurraj.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297614/; classtype:trojan-activity;sid:84160714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297615)"; flow:established,from_client; content:"GET"; http_method; content:"/work/das.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bsfchile.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297615/; classtype:trojan-activity;sid:84160715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.119.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297613/; classtype:trojan-activity;sid:84160713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.200.56.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297612/; classtype:trojan-activity;sid:84160712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.239.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297610/; classtype:trojan-activity;sid:84160710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.15.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297611/; classtype:trojan-activity;sid:84160711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.98.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297609/; classtype:trojan-activity;sid:84160709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.39.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297608/; classtype:trojan-activity;sid:84160708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.235.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297607/; classtype:trojan-activity;sid:84160707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.78.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297605/; classtype:trojan-activity;sid:84160705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.45.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297606/; classtype:trojan-activity;sid:84160706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.180.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297604/; classtype:trojan-activity;sid:84160704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.78.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297602/; classtype:trojan-activity;sid:84160702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.61.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297603/; classtype:trojan-activity;sid:84160703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.51.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297601/; classtype:trojan-activity;sid:84160701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.141.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297600/; classtype:trojan-activity;sid:84160700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.149.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297599/; classtype:trojan-activity;sid:84160699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.200.56.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297598/; classtype:trojan-activity;sid:84160698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.186.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297597/; classtype:trojan-activity;sid:84160697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297596/; classtype:trojan-activity;sid:84160696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.15.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297595/; classtype:trojan-activity;sid:84160695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.39.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297594/; classtype:trojan-activity;sid:84160694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.138.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297593/; classtype:trojan-activity;sid:84160693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297592/; classtype:trojan-activity;sid:84160692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.26.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297591/; classtype:trojan-activity;sid:84160691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297590/; classtype:trojan-activity;sid:84160690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.28.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297589/; classtype:trojan-activity;sid:84160689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.17.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297588/; classtype:trojan-activity;sid:84160688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.239.128.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297587/; classtype:trojan-activity;sid:84160687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.244.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297586/; classtype:trojan-activity;sid:84160686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297585)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.57.79.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297585/; classtype:trojan-activity;sid:84160685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.171.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297584/; classtype:trojan-activity;sid:84160684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.186.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297583/; classtype:trojan-activity;sid:84160683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297582/; classtype:trojan-activity;sid:84160682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.255.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297581/; classtype:trojan-activity;sid:84160681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.88.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297580/; classtype:trojan-activity;sid:84160680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297579)"; flow:established,from_client; content:"GET"; http_method; content:"/files/proxy146.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297579/; classtype:trojan-activity;sid:84160679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.224.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297578/; classtype:trojan-activity;sid:84160678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.35.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297576/; classtype:trojan-activity;sid:84160676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.55.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297577/; classtype:trojan-activity;sid:84160677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.88.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297575/; classtype:trojan-activity;sid:84160675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.68.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297574/; classtype:trojan-activity;sid:84160674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.96.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297571/; classtype:trojan-activity;sid:84160671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297572/; classtype:trojan-activity;sid:84160672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.25.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297573/; classtype:trojan-activity;sid:84160673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.36.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297570/; classtype:trojan-activity;sid:84160670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.28.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297569/; classtype:trojan-activity;sid:84160669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.138.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297568/; classtype:trojan-activity;sid:84160668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.239.128.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297567/; classtype:trojan-activity;sid:84160667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297566/; classtype:trojan-activity;sid:84160666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.89.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297565/; classtype:trojan-activity;sid:84160665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.62.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297564/; classtype:trojan-activity;sid:84160664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297563/; classtype:trojan-activity;sid:84160663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.198.21.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297562/; classtype:trojan-activity;sid:84160662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.8.110.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297561/; classtype:trojan-activity;sid:84160661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.32.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297560/; classtype:trojan-activity;sid:84160660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.57.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297558/; classtype:trojan-activity;sid:84160658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.2.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297559/; classtype:trojan-activity;sid:84160659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297557/; classtype:trojan-activity;sid:84160657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297556)"; flow:established,from_client; content:"GET"; http_method; content:"/abc_s5_proxy_1.4.6.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.abcproxy.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297556/; classtype:trojan-activity;sid:84160656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.152.9.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297555/; classtype:trojan-activity;sid:84160655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.209.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297554/; classtype:trojan-activity;sid:84160654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.25.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297553/; classtype:trojan-activity;sid:84160653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.55.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297552/; classtype:trojan-activity;sid:84160652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.102.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297551/; classtype:trojan-activity;sid:84160651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.118.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297550/; classtype:trojan-activity;sid:84160650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297549/; classtype:trojan-activity;sid:84160649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.104.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297548/; classtype:trojan-activity;sid:84160648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.230.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297547/; classtype:trojan-activity;sid:84160647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.102.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297546/; classtype:trojan-activity;sid:84160646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.36.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297545/; classtype:trojan-activity;sid:84160645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.28.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297544/; classtype:trojan-activity;sid:84160644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.169.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297543/; classtype:trojan-activity;sid:84160643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297542)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.154.237.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297542/; classtype:trojan-activity;sid:84160642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.57.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297541/; classtype:trojan-activity;sid:84160641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297539)"; flow:established,from_client; content:"GET"; http_method; content:"/d/pnsbt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297539/; classtype:trojan-activity;sid:84160639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297540)"; flow:established,from_client; content:"GET"; http_method; content:"/d/gnre8/0"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297540/; classtype:trojan-activity;sid:84160640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.120.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297538/; classtype:trojan-activity;sid:84160638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297537/; classtype:trojan-activity;sid:84160637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.98.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297536/; classtype:trojan-activity;sid:84160636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297531)"; flow:established,from_client; content:"GET"; http_method; content:"/files/lumma111.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297531/; classtype:trojan-activity;sid:84160631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.99.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297532/; classtype:trojan-activity;sid:84160632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.207.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297533/; classtype:trojan-activity;sid:84160633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.209.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297534/; classtype:trojan-activity;sid:84160634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.165.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297535/; classtype:trojan-activity;sid:84160635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.178.9.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297528/; classtype:trojan-activity;sid:84160628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.47.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297529/; classtype:trojan-activity;sid:84160629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.228.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297530/; classtype:trojan-activity;sid:84160630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297516)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/upload/filmy%20i%20obrazy%20chronione%20prawami%20autorskimi%20przez%20autora.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"www.aviationchartersolutions.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297516/; classtype:trojan-activity;sid:84160616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.9.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297503/; classtype:trojan-activity;sid:84160603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.43.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297502/; classtype:trojan-activity;sid:84160602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297500/; classtype:trojan-activity;sid:84160600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.72.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297501/; classtype:trojan-activity;sid:84160601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297483)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis_all"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"aviationchartersolutions.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297483/; classtype:trojan-activity;sid:84160583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297484)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen.b64"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"aviationchartersolutions.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297484/; classtype:trojan-activity;sid:84160584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297485)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen_pure_enc"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"aviationchartersolutions.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297485/; classtype:trojan-activity;sid:84160585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297486)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis_all"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"aviationchartersolutions.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297486/; classtype:trojan-activity;sid:84160586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297487)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis_pure_enc"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"aviationchartersolutions.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297487/; classtype:trojan-activity;sid:84160587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297488)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen_all"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.aviationchartersolutions.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297488/; classtype:trojan-activity;sid:84160588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297489)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen_pure_enc"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.aviationchartersolutions.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297489/; classtype:trojan-activity;sid:84160589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297490)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis_pure_enc"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"www.aviationchartersolutions.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297490/; classtype:trojan-activity;sid:84160590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297491)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen_all"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"aviationchartersolutions.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297491/; classtype:trojan-activity;sid:84160591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297492)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen_pure_enc"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.aviationchartersolutions.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297492/; classtype:trojan-activity;sid:84160592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297493)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis_pure_enc"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"www.aviationchartersolutions.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297493/; classtype:trojan-activity;sid:84160593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297494)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis_all"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"www.aviationchartersolutions.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297494/; classtype:trojan-activity;sid:84160594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297495)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis_all"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"www.aviationchartersolutions.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297495/; classtype:trojan-activity;sid:84160595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297496)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen_all"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"aviationchartersolutions.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297496/; classtype:trojan-activity;sid:84160596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297497)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen_pure_enc"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"aviationchartersolutions.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297497/; classtype:trojan-activity;sid:84160597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297498)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis_pure_enc"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"aviationchartersolutions.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297498/; classtype:trojan-activity;sid:84160598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297499)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen_all"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.aviationchartersolutions.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297499/; classtype:trojan-activity;sid:84160599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297476)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis.b64"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"www.aviationchartersolutions.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297476/; classtype:trojan-activity;sid:84160576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297477)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen.b64"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"aviationchartersolutions.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297477/; classtype:trojan-activity;sid:84160577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297478)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis.b64"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"aviationchartersolutions.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297478/; classtype:trojan-activity;sid:84160578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297479)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen.b64"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.aviationchartersolutions.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297479/; classtype:trojan-activity;sid:84160579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297480)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen.b64"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.aviationchartersolutions.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297480/; classtype:trojan-activity;sid:84160580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297481)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis.b64"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"aviationchartersolutions.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297481/; classtype:trojan-activity;sid:84160581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297482)"; flow:established,from_client; content:"GET"; http_method; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis.b64"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"www.aviationchartersolutions.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297482/; classtype:trojan-activity;sid:84160582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.98.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297475/; classtype:trojan-activity;sid:84160575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.164.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297474/; classtype:trojan-activity;sid:84160574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.222.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297472/; classtype:trojan-activity;sid:84160572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.240.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297473/; classtype:trojan-activity;sid:84160573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.150.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297471/; classtype:trojan-activity;sid:84160571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.47.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297470/; classtype:trojan-activity;sid:84160570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.47.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297469/; classtype:trojan-activity;sid:84160569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.154.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297468/; classtype:trojan-activity;sid:84160568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.255.202.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297467/; classtype:trojan-activity;sid:84160567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.255.202.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297466/; classtype:trojan-activity;sid:84160566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.30.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297465/; classtype:trojan-activity;sid:84160565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.197.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297464/; classtype:trojan-activity;sid:84160564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.63.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297463/; classtype:trojan-activity;sid:84160563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.28.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297462/; classtype:trojan-activity;sid:84160562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.107.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297461/; classtype:trojan-activity;sid:84160561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.161.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297460/; classtype:trojan-activity;sid:84160560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.72.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297456/; classtype:trojan-activity;sid:84160556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.151.76.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297457/; classtype:trojan-activity;sid:84160557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.239.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297458/; classtype:trojan-activity;sid:84160558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.35.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297459/; classtype:trojan-activity;sid:84160559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.153.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297455/; classtype:trojan-activity;sid:84160555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297454)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.8.212.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297454/; classtype:trojan-activity;sid:84160554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.166.13.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297453/; classtype:trojan-activity;sid:84160553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.188.16.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297452/; classtype:trojan-activity;sid:84160552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.137.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297451/; classtype:trojan-activity;sid:84160551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.15.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297450/; classtype:trojan-activity;sid:84160550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.137.250.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297448/; classtype:trojan-activity;sid:84160548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.233.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297449/; classtype:trojan-activity;sid:84160549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.214.186.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297447/; classtype:trojan-activity;sid:84160547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297446/; classtype:trojan-activity;sid:84160546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.123.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297445/; classtype:trojan-activity;sid:84160545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297444/; classtype:trojan-activity;sid:84160544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.197.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297443/; classtype:trojan-activity;sid:84160543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.185.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297441/; classtype:trojan-activity;sid:84160541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.74.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297442/; classtype:trojan-activity;sid:84160542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.184.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297440/; classtype:trojan-activity;sid:84160540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.188.16.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297439/; classtype:trojan-activity;sid:84160539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.23.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297438/; classtype:trojan-activity;sid:84160538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.21.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297437/; classtype:trojan-activity;sid:84160537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.221.225.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297436/; classtype:trojan-activity;sid:84160536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.15.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297435/; classtype:trojan-activity;sid:84160535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.13.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297434/; classtype:trojan-activity;sid:84160534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.239.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297433/; classtype:trojan-activity;sid:84160533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.223.185.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297432/; classtype:trojan-activity;sid:84160532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.148.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297431/; classtype:trojan-activity;sid:84160531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.184.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297430/; classtype:trojan-activity;sid:84160530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297429)"; flow:established,from_client; content:"GET"; http_method; content:"/palofd"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.180.147.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297429/; classtype:trojan-activity;sid:84160529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.185.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297428/; classtype:trojan-activity;sid:84160528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.74.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297427/; classtype:trojan-activity;sid:84160527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.221.225.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297426/; classtype:trojan-activity;sid:84160526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"198.163.192.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297425/; classtype:trojan-activity;sid:84160525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.183.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297424/; classtype:trojan-activity;sid:84160524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.56.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297421/; classtype:trojan-activity;sid:84160521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.42.74.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297422/; classtype:trojan-activity;sid:84160522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.208.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297423/; classtype:trojan-activity;sid:84160523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.236.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297419/; classtype:trojan-activity;sid:84160519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297420)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.47.90.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297420/; classtype:trojan-activity;sid:84160520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.163.192.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297417/; classtype:trojan-activity;sid:84160517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.101.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297418/; classtype:trojan-activity;sid:84160518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.39.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297416/; classtype:trojan-activity;sid:84160516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.148.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297415/; classtype:trojan-activity;sid:84160515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.229.54.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297414/; classtype:trojan-activity;sid:84160514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297413)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.26.95.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297413/; classtype:trojan-activity;sid:84160513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.27.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297411/; classtype:trojan-activity;sid:84160511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.54.160.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297412/; classtype:trojan-activity;sid:84160512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297408)"; flow:established,from_client; content:"GET"; http_method; content:"/atp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aiddoscnc.aisysmddos.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297408/; classtype:trojan-activity;sid:84160508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297409)"; flow:established,from_client; content:"GET"; http_method; content:"/atp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.91.193.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297409/; classtype:trojan-activity;sid:84160509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297410)"; flow:established,from_client; content:"GET"; http_method; content:"/atp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aiddoscnc2.aisysmddos.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297410/; classtype:trojan-activity;sid:84160510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.231.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297407/; classtype:trojan-activity;sid:84160507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297406/; classtype:trojan-activity;sid:84160506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.91.193.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297405/; classtype:trojan-activity;sid:84160505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297378)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aiddoscnc2.aisysmddos.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297378/; classtype:trojan-activity;sid:84160478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297379)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aiddoscnc2.aisysmddos.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297379/; classtype:trojan-activity;sid:84160479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297380)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.91.193.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297380/; classtype:trojan-activity;sid:84160480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297381)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.91.193.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297381/; classtype:trojan-activity;sid:84160481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297382)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aiddoscnc.aisysmddos.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297382/; classtype:trojan-activity;sid:84160482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297383)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.91.193.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297383/; classtype:trojan-activity;sid:84160483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297384)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aiddoscnc2.aisysmddos.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297384/; classtype:trojan-activity;sid:84160484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297385)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aiddoscnc2.aisysmddos.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297385/; classtype:trojan-activity;sid:84160485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297386)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aiddoscnc.aisysmddos.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297386/; classtype:trojan-activity;sid:84160486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297387)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aiddoscnc2.aisysmddos.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297387/; classtype:trojan-activity;sid:84160487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297388)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aiddoscnc2.aisysmddos.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297388/; classtype:trojan-activity;sid:84160488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297389)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aiddoscnc.aisysmddos.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297389/; classtype:trojan-activity;sid:84160489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297390)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aiddoscnc.aisysmddos.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297390/; classtype:trojan-activity;sid:84160490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297391)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.91.193.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297391/; classtype:trojan-activity;sid:84160491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297392)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aiddoscnc2.aisysmddos.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297392/; classtype:trojan-activity;sid:84160492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297393)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aiddoscnc.aisysmddos.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297393/; classtype:trojan-activity;sid:84160493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297394)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aiddoscnc2.aisysmddos.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297394/; classtype:trojan-activity;sid:84160494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aiddoscnc.aisysmddos.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297395/; classtype:trojan-activity;sid:84160495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aiddoscnc.aisysmddos.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297396/; classtype:trojan-activity;sid:84160496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297397)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aiddoscnc2.aisysmddos.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297397/; classtype:trojan-activity;sid:84160497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297398)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aiddoscnc.aisysmddos.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297398/; classtype:trojan-activity;sid:84160498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"aiddoscnc2.aisysmddos.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297399/; classtype:trojan-activity;sid:84160499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297400)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aiddoscnc2.aisysmddos.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297400/; classtype:trojan-activity;sid:84160500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aiddoscnc.aisysmddos.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297401/; classtype:trojan-activity;sid:84160501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aiddoscnc.aisysmddos.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297402/; classtype:trojan-activity;sid:84160502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"aiddoscnc.aisysmddos.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297403/; classtype:trojan-activity;sid:84160503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aiddoscnc.aisysmddos.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297404/; classtype:trojan-activity;sid:84160504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297377)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aiddoscnc2.aisysmddos.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297377/; classtype:trojan-activity;sid:84160477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297373)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.91.193.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297373/; classtype:trojan-activity;sid:84160473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297374)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.91.193.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297374/; classtype:trojan-activity;sid:84160474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297375)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.91.193.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297375/; classtype:trojan-activity;sid:84160475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297376)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.91.193.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297376/; classtype:trojan-activity;sid:84160476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297372)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.91.193.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297372/; classtype:trojan-activity;sid:84160472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.252.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297371/; classtype:trojan-activity;sid:84160471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.111.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297369/; classtype:trojan-activity;sid:84160469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.236.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297370/; classtype:trojan-activity;sid:84160470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.229.54.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297368/; classtype:trojan-activity;sid:84160468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.132.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297367/; classtype:trojan-activity;sid:84160467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297366)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.164.248.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297366/; classtype:trojan-activity;sid:84160466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.252.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297365/; classtype:trojan-activity;sid:84160465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.70.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297364/; classtype:trojan-activity;sid:84160464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.5.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297363/; classtype:trojan-activity;sid:84160463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.226.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297362/; classtype:trojan-activity;sid:84160462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.125.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297361/; classtype:trojan-activity;sid:84160461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.111.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297359/; classtype:trojan-activity;sid:84160459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297360/; classtype:trojan-activity;sid:84160460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297358)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin3.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cheat.underground-cheat.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297358/; classtype:trojan-activity;sid:84160458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.44.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297357/; classtype:trojan-activity;sid:84160457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.144.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297355/; classtype:trojan-activity;sid:84160455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297356)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin3.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"81.161.238.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297356/; classtype:trojan-activity;sid:84160456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.151.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297354/; classtype:trojan-activity;sid:84160454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297353)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.183.25.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297353/; classtype:trojan-activity;sid:84160453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.132.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297352/; classtype:trojan-activity;sid:84160452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.89.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297351/; classtype:trojan-activity;sid:84160451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297350/; classtype:trojan-activity;sid:84160450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.86.188.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297349/; classtype:trojan-activity;sid:84160449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.158.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297345/; classtype:trojan-activity;sid:84160445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.192.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297346/; classtype:trojan-activity;sid:84160446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.241.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297347/; classtype:trojan-activity;sid:84160447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.74.29.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297348/; classtype:trojan-activity;sid:84160448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297343)"; flow:established,from_client; content:"GET"; http_method; content:"/winsvc.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"81.161.238.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297343/; classtype:trojan-activity;sid:84160443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297344)"; flow:established,from_client; content:"GET"; http_method; content:"/winsvc.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cheat.underground-cheat.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297344/; classtype:trojan-activity;sid:84160444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297342/; classtype:trojan-activity;sid:84160442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.41.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297341/; classtype:trojan-activity;sid:84160441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.121.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297340/; classtype:trojan-activity;sid:84160440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.21.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297339/; classtype:trojan-activity;sid:84160439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297338/; classtype:trojan-activity;sid:84160438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297337/; classtype:trojan-activity;sid:84160437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.32.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297336/; classtype:trojan-activity;sid:84160436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.208.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297335/; classtype:trojan-activity;sid:84160435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.144.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297334/; classtype:trojan-activity;sid:84160434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.158.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297332/; classtype:trojan-activity;sid:84160432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.87.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297333/; classtype:trojan-activity;sid:84160433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.41.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297331/; classtype:trojan-activity;sid:84160431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.30.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297330/; classtype:trojan-activity;sid:84160430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.21.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297329/; classtype:trojan-activity;sid:84160429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297328/; classtype:trojan-activity;sid:84160428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.26.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297327/; classtype:trojan-activity;sid:84160427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.6.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297326/; classtype:trojan-activity;sid:84160426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.164.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297325/; classtype:trojan-activity;sid:84160425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.82.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297324/; classtype:trojan-activity;sid:84160424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.176.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297322/; classtype:trojan-activity;sid:84160422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.87.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297323/; classtype:trojan-activity;sid:84160423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.118.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297321/; classtype:trojan-activity;sid:84160421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.74.13.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297320/; classtype:trojan-activity;sid:84160420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.170.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297319/; classtype:trojan-activity;sid:84160419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.60.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297318/; classtype:trojan-activity;sid:84160418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297317)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.47.20.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297317/; classtype:trojan-activity;sid:84160417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.16.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297315/; classtype:trojan-activity;sid:84160415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.188.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297316/; classtype:trojan-activity;sid:84160416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297314/; classtype:trojan-activity;sid:84160414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.235.215.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297313/; classtype:trojan-activity;sid:84160413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297312)"; flow:established,from_client; content:"GET"; http_method; content:"/factura09876567000.bat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297312/; classtype:trojan-activity;sid:84160412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297311)"; flow:established,from_client; content:"GET"; http_method; content:"/31/winnit.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.173.4.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297311/; classtype:trojan-activity;sid:84160411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297310)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/mt/generatethebstgoodpeoplesaroundtheworldwithgood.hta"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"107.173.4.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297310/; classtype:trojan-activity;sid:84160410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.213.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297309/; classtype:trojan-activity;sid:84160409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.161.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297307/; classtype:trojan-activity;sid:84160407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.239.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297308/; classtype:trojan-activity;sid:84160408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297306)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cerebspxrrzmtdac8ykigsgnaxzagzyt"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297306/; classtype:trojan-activity;sid:84160406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297305)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ziyxcjuvj99qtxqjbjaxmsemo3ex9d8j"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297305/; classtype:trojan-activity;sid:84160405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297304)"; flow:established,from_client; content:"GET"; http_method; content:"/45/ww/seethebestthignswhichgivingbestopportunities.hta"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"192.3.220.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297304/; classtype:trojan-activity;sid:84160404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.176.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297303/; classtype:trojan-activity;sid:84160403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.112.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297302/; classtype:trojan-activity;sid:84160402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.193.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297301/; classtype:trojan-activity;sid:84160401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.118.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297300/; classtype:trojan-activity;sid:84160400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297298)"; flow:established,from_client; content:"GET"; http_method; content:"/41/seethebestthingswhichgivingbestthignsevertogetmebackwithenitretimegiv.tif"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"172.245.123.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297298/; classtype:trojan-activity;sid:84160398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297299)"; flow:established,from_client; content:"GET"; http_method; content:"/41/mn/seethebestthingswhichgivenbestthingsforentiretimeforme.hta"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"172.245.123.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297299/; classtype:trojan-activity;sid:84160399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297297)"; flow:established,from_client; content:"GET"; http_method; content:"/undershooting.hhk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"shalouxt.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297297/; classtype:trojan-activity;sid:84160397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.82.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297295/; classtype:trojan-activity;sid:84160395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297296)"; flow:established,from_client; content:"GET"; http_method; content:"/ulabmedjflhpwz78.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"shalouxt.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297296/; classtype:trojan-activity;sid:84160396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297294)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/includes/max/edderkoppen.chm"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"freeagirl.de"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297294/; classtype:trojan-activity;sid:84160394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.85.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297293/; classtype:trojan-activity;sid:84160393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.6.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297292/; classtype:trojan-activity;sid:84160392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.111.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297291/; classtype:trojan-activity;sid:84160391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.253.55.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297290/; classtype:trojan-activity;sid:84160390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.131.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297289/; classtype:trojan-activity;sid:84160389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.255.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297288/; classtype:trojan-activity;sid:84160388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.72.210.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297285/; classtype:trojan-activity;sid:84160385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.11.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297286/; classtype:trojan-activity;sid:84160386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.89.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297287/; classtype:trojan-activity;sid:84160387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297283)"; flow:established,from_client; content:"GET"; http_method; content:"/1d85fd701b9057d3/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.177.109.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297283/; classtype:trojan-activity;sid:84160383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297284)"; flow:established,from_client; content:"GET"; http_method; content:"/1d85fd701b9057d3/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"31.177.109.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297284/; classtype:trojan-activity;sid:84160384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297278)"; flow:established,from_client; content:"GET"; http_method; content:"/1d85fd701b9057d3/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"31.177.109.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297278/; classtype:trojan-activity;sid:84160378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297279)"; flow:established,from_client; content:"GET"; http_method; content:"/1d85fd701b9057d3/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"31.177.109.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297279/; classtype:trojan-activity;sid:84160379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297280)"; flow:established,from_client; content:"GET"; http_method; content:"/1d85fd701b9057d3/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"31.177.109.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297280/; classtype:trojan-activity;sid:84160380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297281)"; flow:established,from_client; content:"GET"; http_method; content:"/1d85fd701b9057d3/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.177.109.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297281/; classtype:trojan-activity;sid:84160381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297282)"; flow:established,from_client; content:"GET"; http_method; content:"/1d85fd701b9057d3/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.177.109.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297282/; classtype:trojan-activity;sid:84160382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.240.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297277/; classtype:trojan-activity;sid:84160377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.155.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297276/; classtype:trojan-activity;sid:84160376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.220.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297275/; classtype:trojan-activity;sid:84160375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.75.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297274/; classtype:trojan-activity;sid:84160374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.193.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297273/; classtype:trojan-activity;sid:84160373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.125.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297272/; classtype:trojan-activity;sid:84160372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.75.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297271/; classtype:trojan-activity;sid:84160371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297270)"; flow:established,from_client; content:"GET"; http_method; content:"/feilian_latestx64.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"cdn.wecdndown.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297270/; classtype:trojan-activity;sid:84160370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297269)"; flow:established,from_client; content:"GET"; http_method; content:"/wl_tp_extend_app_v1.0.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.42.31.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297269/; classtype:trojan-activity;sid:84160369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297268)"; flow:established,from_client; content:"GET"; http_method; content:"/chromex64.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cdn.wecdndown.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297268/; classtype:trojan-activity;sid:84160368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297267)"; flow:established,from_client; content:"GET"; http_method; content:"/gateio-win64.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cdn.wecdndown.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297267/; classtype:trojan-activity;sid:84160367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297266)"; flow:established,from_client; content:"GET"; http_method; content:"/mexc_winx64.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cdn.wecdndown.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297266/; classtype:trojan-activity;sid:84160366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297265)"; flow:established,from_client; content:"GET"; http_method; content:"/todeskx64.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cdn.wecdndown.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297265/; classtype:trojan-activity;sid:84160365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297264)"; flow:established,from_client; content:"GET"; http_method; content:"/demongen-windows-arm64.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"194.164.59.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297264/; classtype:trojan-activity;sid:84160364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297262)"; flow:established,from_client; content:"GET"; http_method; content:"/transocks_x64.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cdn.wecdndown.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297262/; classtype:trojan-activity;sid:84160362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297263)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"167.86.89.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297263/; classtype:trojan-activity;sid:84160363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297261)"; flow:established,from_client; content:"GET"; http_method; content:"/wl_upgrade_new.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"106.42.31.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297261/; classtype:trojan-activity;sid:84160361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297259)"; flow:established,from_client; content:"GET"; http_method; content:"/215.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.193.100.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297259/; classtype:trojan-activity;sid:84160359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297260)"; flow:established,from_client; content:"GET"; http_method; content:"/214.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.193.100.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297260/; classtype:trojan-activity;sid:84160360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297258)"; flow:established,from_client; content:"GET"; http_method; content:"/s4.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.193.100.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297258/; classtype:trojan-activity;sid:84160358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297257)"; flow:established,from_client; content:"GET"; http_method; content:"/212.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.193.100.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297257/; classtype:trojan-activity;sid:84160357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297256)"; flow:established,from_client; content:"GET"; http_method; content:"/demongen-windows-amd64.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"194.164.59.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297256/; classtype:trojan-activity;sid:84160356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297255)"; flow:established,from_client; content:"GET"; http_method; content:"/213.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.193.100.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297255/; classtype:trojan-activity;sid:84160355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297254)"; flow:established,from_client; content:"GET"; http_method; content:"/99.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.193.100.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297254/; classtype:trojan-activity;sid:84160354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297253)"; flow:established,from_client; content:"GET"; http_method; content:"/208.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.193.100.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297253/; classtype:trojan-activity;sid:84160353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297252)"; flow:established,from_client; content:"GET"; http_method; content:"/demongen-linux-arm64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"194.164.59.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297252/; classtype:trojan-activity;sid:84160352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297251)"; flow:established,from_client; content:"GET"; http_method; content:"/demongen-linux-amd64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"194.164.59.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297251/; classtype:trojan-activity;sid:84160351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297249)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener2.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"190.9.223.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297249/; classtype:trojan-activity;sid:84160349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297250)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.161.238.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297250/; classtype:trojan-activity;sid:84160350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297248)"; flow:established,from_client; content:"GET"; http_method; content:"/demongen-darwin-amd64"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.164.59.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297248/; classtype:trojan-activity;sid:84160348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297247)"; flow:established,from_client; content:"GET"; http_method; content:"/my_upgrade_new.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"106.42.31.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297247/; classtype:trojan-activity;sid:84160347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297245)"; flow:established,from_client; content:"GET"; http_method; content:"/wait.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"106.42.31.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297245/; classtype:trojan-activity;sid:84160345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297246)"; flow:established,from_client; content:"GET"; http_method; content:"/ajiasu_x64.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cdn.wecdndown.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297246/; classtype:trojan-activity;sid:84160346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297244)"; flow:established,from_client; content:"GET"; http_method; content:"/maomao.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"potok.fund"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297244/; classtype:trojan-activity;sid:84160344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297243)"; flow:established,from_client; content:"GET"; http_method; content:"/maomao.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"potok.casa"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297243/; classtype:trojan-activity;sid:84160343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297242)"; flow:established,from_client; content:"GET"; http_method; content:"/killdefender.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"38.207.132.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297242/; classtype:trojan-activity;sid:84160342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.75.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297241/; classtype:trojan-activity;sid:84160341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.203.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297240/; classtype:trojan-activity;sid:84160340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.6.143"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297239/; classtype:trojan-activity;sid:84160339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297238)"; flow:established,from_client; content:"GET"; http_method; content:"/files/stealc_main1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297238/; classtype:trojan-activity;sid:84160338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.38.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297237/; classtype:trojan-activity;sid:84160337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.89.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297236/; classtype:trojan-activity;sid:84160336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.88.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297235/; classtype:trojan-activity;sid:84160335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.162.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297233/; classtype:trojan-activity;sid:84160333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.224.28.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297234/; classtype:trojan-activity;sid:84160334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.228.55.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297232/; classtype:trojan-activity;sid:84160332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.10.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297231/; classtype:trojan-activity;sid:84160331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.243.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297230/; classtype:trojan-activity;sid:84160330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.28.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297229/; classtype:trojan-activity;sid:84160329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.176.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297226/; classtype:trojan-activity;sid:84160326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297227/; classtype:trojan-activity;sid:84160327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.203.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297228/; classtype:trojan-activity;sid:84160328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.155.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297224/; classtype:trojan-activity;sid:84160324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.183.7.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297225/; classtype:trojan-activity;sid:84160325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.5.54.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297223/; classtype:trojan-activity;sid:84160323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297222/; classtype:trojan-activity;sid:84160322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.242.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297220/; classtype:trojan-activity;sid:84160320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.228.55.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297221/; classtype:trojan-activity;sid:84160321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.168.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297219/; classtype:trojan-activity;sid:84160319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.220.238.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297218/; classtype:trojan-activity;sid:84160318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.203.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297217/; classtype:trojan-activity;sid:84160317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.42.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297216/; classtype:trojan-activity;sid:84160316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297213/; classtype:trojan-activity;sid:84160313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.171.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297214/; classtype:trojan-activity;sid:84160314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.59.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297215/; classtype:trojan-activity;sid:84160315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.184.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297212/; classtype:trojan-activity;sid:84160312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.139.155.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297211/; classtype:trojan-activity;sid:84160311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.84.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297210/; classtype:trojan-activity;sid:84160310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.203.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297209/; classtype:trojan-activity;sid:84160309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297208/; classtype:trojan-activity;sid:84160308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.10.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297207/; classtype:trojan-activity;sid:84160307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.152.240.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297206/; classtype:trojan-activity;sid:84160306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.35.243.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297205/; classtype:trojan-activity;sid:84160305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.39.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297204/; classtype:trojan-activity;sid:84160304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.102.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297203/; classtype:trojan-activity;sid:84160303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.181.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297202/; classtype:trojan-activity;sid:84160302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.42.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297201/; classtype:trojan-activity;sid:84160301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.71.17.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297200/; classtype:trojan-activity;sid:84160300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.181.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297199/; classtype:trojan-activity;sid:84160299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.141.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297198/; classtype:trojan-activity;sid:84160298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.227.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297197/; classtype:trojan-activity;sid:84160297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.171.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297196/; classtype:trojan-activity;sid:84160296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.102.29.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297194/; classtype:trojan-activity;sid:84160294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297195/; classtype:trojan-activity;sid:84160295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.43.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297193/; classtype:trojan-activity;sid:84160293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297192/; classtype:trojan-activity;sid:84160292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.211.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297191/; classtype:trojan-activity;sid:84160291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.102.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297190/; classtype:trojan-activity;sid:84160290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.131.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297189/; classtype:trojan-activity;sid:84160289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.193.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297185/; classtype:trojan-activity;sid:84160285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297186/; classtype:trojan-activity;sid:84160286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.66.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297187/; classtype:trojan-activity;sid:84160287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297188/; classtype:trojan-activity;sid:84160288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.101.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297183/; classtype:trojan-activity;sid:84160283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.210.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297184/; classtype:trojan-activity;sid:84160284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.231.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297182/; classtype:trojan-activity;sid:84160282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.131.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297180/; classtype:trojan-activity;sid:84160280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.213.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297181/; classtype:trojan-activity;sid:84160281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.141.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297179/; classtype:trojan-activity;sid:84160279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.154.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297178/; classtype:trojan-activity;sid:84160278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.227.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297177/; classtype:trojan-activity;sid:84160277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.130.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297176/; classtype:trojan-activity;sid:84160276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297175/; classtype:trojan-activity;sid:84160275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297174/; classtype:trojan-activity;sid:84160274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.218.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297173/; classtype:trojan-activity;sid:84160273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.132.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297172/; classtype:trojan-activity;sid:84160272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.9.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297171/; classtype:trojan-activity;sid:84160271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297170/; classtype:trojan-activity;sid:84160270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.230.79.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297169/; classtype:trojan-activity;sid:84160269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.61.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297168/; classtype:trojan-activity;sid:84160268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.225.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297167/; classtype:trojan-activity;sid:84160267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.107.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297166/; classtype:trojan-activity;sid:84160266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.168.236.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297165/; classtype:trojan-activity;sid:84160265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.102.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297163/; classtype:trojan-activity;sid:84160263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.254.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297164/; classtype:trojan-activity;sid:84160264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.72.213.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297162/; classtype:trojan-activity;sid:84160262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297160)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.3.195.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297160/; classtype:trojan-activity;sid:84160260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297161)"; flow:established,from_client; content:"GET"; http_method; content:"/ropsjsn_belphegor_obf.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"62.60.153.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297161/; classtype:trojan-activity;sid:84160261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.241.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297159/; classtype:trojan-activity;sid:84160259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.69.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297158/; classtype:trojan-activity;sid:84160258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.25.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297157/; classtype:trojan-activity;sid:84160257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.61.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297155/; classtype:trojan-activity;sid:84160255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.55.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297156/; classtype:trojan-activity;sid:84160256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297154/; classtype:trojan-activity;sid:84160254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.210.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297153/; classtype:trojan-activity;sid:84160253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.179.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297152/; classtype:trojan-activity;sid:84160252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.124.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297151/; classtype:trojan-activity;sid:84160251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.67.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297150/; classtype:trojan-activity;sid:84160250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.80.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297149/; classtype:trojan-activity;sid:84160249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297148)"; flow:established,from_client; content:"GET"; http_method; content:"/v/233_faogvkghvqn"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ferreiragascuritiba.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297148/; classtype:trojan-activity;sid:84160248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.72.213.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297147/; classtype:trojan-activity;sid:84160247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297146)"; flow:established,from_client; content:"GET"; http_method; content:"/v/233_faogvkghvqn"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ferreiragascuritiba.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297146/; classtype:trojan-activity;sid:84160246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.209.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297145/; classtype:trojan-activity;sid:84160245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.10.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297144/; classtype:trojan-activity;sid:84160244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.86.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297143/; classtype:trojan-activity;sid:84160243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.179.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297142/; classtype:trojan-activity;sid:84160242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.69.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297141/; classtype:trojan-activity;sid:84160241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.39.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297140/; classtype:trojan-activity;sid:84160240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297139/; classtype:trojan-activity;sid:84160239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.102.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297138/; classtype:trojan-activity;sid:84160238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.87.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297137/; classtype:trojan-activity;sid:84160237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.103.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297136/; classtype:trojan-activity;sid:84160236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.96.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297135/; classtype:trojan-activity;sid:84160235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.166.116.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297134/; classtype:trojan-activity;sid:84160234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.238.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297133/; classtype:trojan-activity;sid:84160233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.44.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297132/; classtype:trojan-activity;sid:84160232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.58.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297130/; classtype:trojan-activity;sid:84160230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.180.191.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297131/; classtype:trojan-activity;sid:84160231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297129/; classtype:trojan-activity;sid:84160229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.139.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297128/; classtype:trojan-activity;sid:84160228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.66.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297127/; classtype:trojan-activity;sid:84160227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297126/; classtype:trojan-activity;sid:84160226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297125/; classtype:trojan-activity;sid:84160225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297124)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"73.87.50.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297124/; classtype:trojan-activity;sid:84160224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.112.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297123/; classtype:trojan-activity;sid:84160223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.45.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297122/; classtype:trojan-activity;sid:84160222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.90.107.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297121/; classtype:trojan-activity;sid:84160221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.57.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297120/; classtype:trojan-activity;sid:84160220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.189.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297119/; classtype:trojan-activity;sid:84160219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.170.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297118/; classtype:trojan-activity;sid:84160218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.3.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297117/; classtype:trojan-activity;sid:84160217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.71.43.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297116/; classtype:trojan-activity;sid:84160216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.1.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297115/; classtype:trojan-activity;sid:84160215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.58.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297114/; classtype:trojan-activity;sid:84160214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.43.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297113/; classtype:trojan-activity;sid:84160213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.8.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297112/; classtype:trojan-activity;sid:84160212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.191.81.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297111/; classtype:trojan-activity;sid:84160211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.226.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297110/; classtype:trojan-activity;sid:84160210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.193.53.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297109/; classtype:trojan-activity;sid:84160209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.190.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297108/; classtype:trojan-activity;sid:84160208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.90.107.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297107/; classtype:trojan-activity;sid:84160207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.21.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297106/; classtype:trojan-activity;sid:84160206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.231.186.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297104/; classtype:trojan-activity;sid:84160204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.243.181.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297105/; classtype:trojan-activity;sid:84160205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.3.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297103/; classtype:trojan-activity;sid:84160203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.226.36.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297102/; classtype:trojan-activity;sid:84160202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.210.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297100/; classtype:trojan-activity;sid:84160200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.212.234.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297101/; classtype:trojan-activity;sid:84160201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.105.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297099/; classtype:trojan-activity;sid:84160199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.255.149.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297098/; classtype:trojan-activity;sid:84160198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.134.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297097/; classtype:trojan-activity;sid:84160197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.39.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297096/; classtype:trojan-activity;sid:84160196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.226.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297095/; classtype:trojan-activity;sid:84160195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.5.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297094/; classtype:trojan-activity;sid:84160194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.207.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297092/; classtype:trojan-activity;sid:84160192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.190.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297093/; classtype:trojan-activity;sid:84160193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.57.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297091/; classtype:trojan-activity;sid:84160191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.180.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297090/; classtype:trojan-activity;sid:84160190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.231.186.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297089/; classtype:trojan-activity;sid:84160189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.211.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297088/; classtype:trojan-activity;sid:84160188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297087)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.31.191.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297087/; classtype:trojan-activity;sid:84160187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.255.149.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297086/; classtype:trojan-activity;sid:84160186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.172.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297085/; classtype:trojan-activity;sid:84160185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.8.110.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297084/; classtype:trojan-activity;sid:84160184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297083)"; flow:established,from_client; content:"GET"; http_method; content:"/api/files/_ddldpxvx"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"api.ewfiles.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297083/; classtype:trojan-activity;sid:84160183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.75.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297082/; classtype:trojan-activity;sid:84160182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.184.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297080/; classtype:trojan-activity;sid:84160180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.167.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297081/; classtype:trojan-activity;sid:84160181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.45.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297079/; classtype:trojan-activity;sid:84160179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.207.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297078/; classtype:trojan-activity;sid:84160178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.21.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297077/; classtype:trojan-activity;sid:84160177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.9.154"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297076/; classtype:trojan-activity;sid:84160176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.106.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297075/; classtype:trojan-activity;sid:84160175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297074)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.221.76.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297074/; classtype:trojan-activity;sid:84160174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297073)"; flow:established,from_client; content:"GET"; http_method; content:"/api/files/wft6esfut"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"api.ewfiles.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297073/; classtype:trojan-activity;sid:84160173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297072)"; flow:established,from_client; content:"GET"; http_method; content:"/api/files/x8kuhjgo6"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"api.ewfiles.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297072/; classtype:trojan-activity;sid:84160172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.252.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297071/; classtype:trojan-activity;sid:84160171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297070)"; flow:established,from_client; content:"GET"; http_method; content:"/api/files/v3ja0e0bs"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"api.ewfiles.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297070/; classtype:trojan-activity;sid:84160170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297069)"; flow:established,from_client; content:"GET"; http_method; content:"/api/files/7m7gsdepl"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"api.ewfiles.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297069/; classtype:trojan-activity;sid:84160169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297067)"; flow:established,from_client; content:"GET"; http_method; content:"/api/files/y2neibvzn"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"api.ewfiles.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297067/; classtype:trojan-activity;sid:84160167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297068)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kefttaeb"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297068/; classtype:trojan-activity;sid:84160168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.162.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297066/; classtype:trojan-activity;sid:84160166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.65.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297065/; classtype:trojan-activity;sid:84160165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.228.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297064/; classtype:trojan-activity;sid:84160164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.22.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297063/; classtype:trojan-activity;sid:84160163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297062)"; flow:established,from_client; content:"GET"; http_method; content:"/guidanceconnectors.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"150.241.91.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297062/; classtype:trojan-activity;sid:84160162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.210.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297061/; classtype:trojan-activity;sid:84160161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.123.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297060/; classtype:trojan-activity;sid:84160160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297056)"; flow:established,from_client; content:"GET"; http_method; content:"/part4.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"garhoudjourm.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297056/; classtype:trojan-activity;sid:84160156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.210.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297057/; classtype:trojan-activity;sid:84160157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297058)"; flow:established,from_client; content:"GET"; http_method; content:"/part3.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"garhoudjourm.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297058/; classtype:trojan-activity;sid:84160158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.198.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297059/; classtype:trojan-activity;sid:84160159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297055)"; flow:established,from_client; content:"GET"; http_method; content:"/part2.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"garhoudjourm.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297055/; classtype:trojan-activity;sid:84160155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.240.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297054/; classtype:trojan-activity;sid:84160154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297053)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297053/; classtype:trojan-activity;sid:84160153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297052/; classtype:trojan-activity;sid:84160152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297051/; classtype:trojan-activity;sid:84160151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.203.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297050/; classtype:trojan-activity;sid:84160150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.158.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297049/; classtype:trojan-activity;sid:84160149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297048)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/wer/we/seemybestoptionforentiretimegivenmebackwith______suchagreatthignswithentiretimewithmegood______seethebestthignsalwaysgivnebestthigns.doc"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"66.63.187.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297048/; classtype:trojan-activity;sid:84160148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.210.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297047/; classtype:trojan-activity;sid:84160147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.35.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297046/; classtype:trojan-activity;sid:84160146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297045)"; flow:established,from_client; content:"GET"; http_method; content:"/33/caspol.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"66.63.187.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297045/; classtype:trojan-activity;sid:84160145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.193.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297044/; classtype:trojan-activity;sid:84160144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297043)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/wer/goodtoseeuthatgreatthingswithentirethingsgreatfor.hta"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"66.63.187.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297043/; classtype:trojan-activity;sid:84160143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297042/; classtype:trojan-activity;sid:84160142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.101.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297041/; classtype:trojan-activity;sid:84160141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.9.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297039/; classtype:trojan-activity;sid:84160139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.34.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297040/; classtype:trojan-activity;sid:84160140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.5.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297038/; classtype:trojan-activity;sid:84160138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.198.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297037/; classtype:trojan-activity;sid:84160137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297036/; classtype:trojan-activity;sid:84160136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.158.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297035/; classtype:trojan-activity;sid:84160135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.102.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297034/; classtype:trojan-activity;sid:84160134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.58.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297033/; classtype:trojan-activity;sid:84160133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.189.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297032/; classtype:trojan-activity;sid:84160132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.142.157.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297031/; classtype:trojan-activity;sid:84160131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.104.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297030/; classtype:trojan-activity;sid:84160130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.103.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297029/; classtype:trojan-activity;sid:84160129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.138.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297028/; classtype:trojan-activity;sid:84160128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.142.157.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297027/; classtype:trojan-activity;sid:84160127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.86.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297026/; classtype:trojan-activity;sid:84160126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.95.139.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297025/; classtype:trojan-activity;sid:84160125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.25.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297024/; classtype:trojan-activity;sid:84160124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.221.225.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297023/; classtype:trojan-activity;sid:84160123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.246.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297022/; classtype:trojan-activity;sid:84160122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.103.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297021/; classtype:trojan-activity;sid:84160121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.201.111.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297020/; classtype:trojan-activity;sid:84160120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.60.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297019/; classtype:trojan-activity;sid:84160119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.15.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297018/; classtype:trojan-activity;sid:84160118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.123.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297017/; classtype:trojan-activity;sid:84160117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.86.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297016/; classtype:trojan-activity;sid:84160116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.231.166.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297015/; classtype:trojan-activity;sid:84160115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.133.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297014/; classtype:trojan-activity;sid:84160114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297013/; classtype:trojan-activity;sid:84160113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.185.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297012/; classtype:trojan-activity;sid:84160112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.19.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297011/; classtype:trojan-activity;sid:84160111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.5.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297010/; classtype:trojan-activity;sid:84160110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.4.224.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297009/; classtype:trojan-activity;sid:84160109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.205.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297008/; classtype:trojan-activity;sid:84160108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.232.65.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297007/; classtype:trojan-activity;sid:84160107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.243.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297006/; classtype:trojan-activity;sid:84160106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.60.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297005/; classtype:trojan-activity;sid:84160105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.76.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297004/; classtype:trojan-activity;sid:84160104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.60.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297003/; classtype:trojan-activity;sid:84160103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297002/; classtype:trojan-activity;sid:84160102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.35.12.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297001/; classtype:trojan-activity;sid:84160101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.87.78.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297000/; classtype:trojan-activity;sid:84160100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.50.168.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296999/; classtype:trojan-activity;sid:84160099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.5.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296998/; classtype:trojan-activity;sid:84160098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.35.12.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296997/; classtype:trojan-activity;sid:84160097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.218.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296995/; classtype:trojan-activity;sid:84160095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.38.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296996/; classtype:trojan-activity;sid:84160096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.205.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296994/; classtype:trojan-activity;sid:84160094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.46.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296993/; classtype:trojan-activity;sid:84160093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.50.168.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296992/; classtype:trojan-activity;sid:84160092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.117.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296991/; classtype:trojan-activity;sid:84160091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.49.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296990/; classtype:trojan-activity;sid:84160090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.229.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296989/; classtype:trojan-activity;sid:84160089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.4.224.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296988/; classtype:trojan-activity;sid:84160088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296987)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.174.150.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296987/; classtype:trojan-activity;sid:84160087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.89.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296986/; classtype:trojan-activity;sid:84160086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.87.177.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296985/; classtype:trojan-activity;sid:84160085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.38.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296984/; classtype:trojan-activity;sid:84160084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.126.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296983/; classtype:trojan-activity;sid:84160083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.88.2.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296982/; classtype:trojan-activity;sid:84160082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.51.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296981/; classtype:trojan-activity;sid:84160081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.170.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296980/; classtype:trojan-activity;sid:84160080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.6.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296979/; classtype:trojan-activity;sid:84160079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.126.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296978/; classtype:trojan-activity;sid:84160078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.227.17.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296977/; classtype:trojan-activity;sid:84160077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.146.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296975/; classtype:trojan-activity;sid:84160075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296976/; classtype:trojan-activity;sid:84160076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296974/; classtype:trojan-activity;sid:84160074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.218.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296973/; classtype:trojan-activity;sid:84160073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.65.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296972/; classtype:trojan-activity;sid:84160072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.117.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296971/; classtype:trojan-activity;sid:84160071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.49.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296970/; classtype:trojan-activity;sid:84160070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.65.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296968/; classtype:trojan-activity;sid:84160068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.51.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296969/; classtype:trojan-activity;sid:84160069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.126.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296967/; classtype:trojan-activity;sid:84160067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.148.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296966/; classtype:trojan-activity;sid:84160066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.6.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296965/; classtype:trojan-activity;sid:84160065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.215.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296964/; classtype:trojan-activity;sid:84160064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.181.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296963/; classtype:trojan-activity;sid:84160063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.231.166.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296962/; classtype:trojan-activity;sid:84160062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296961/; classtype:trojan-activity;sid:84160061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.210.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296959/; classtype:trojan-activity;sid:84160059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.215.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296960/; classtype:trojan-activity;sid:84160060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.226.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296958/; classtype:trojan-activity;sid:84160058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.231.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296957/; classtype:trojan-activity;sid:84160057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.135.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296956/; classtype:trojan-activity;sid:84160056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.86.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296955/; classtype:trojan-activity;sid:84160055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.67.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296954/; classtype:trojan-activity;sid:84160054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.118.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296953/; classtype:trojan-activity;sid:84160053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.245.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296951/; classtype:trojan-activity;sid:84160051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.45.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296952/; classtype:trojan-activity;sid:84160052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.196.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296950/; classtype:trojan-activity;sid:84160050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.91.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296949/; classtype:trojan-activity;sid:84160049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296948)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.246.124.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296948/; classtype:trojan-activity;sid:84160048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.92.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296947/; classtype:trojan-activity;sid:84160047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.21.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296946/; classtype:trojan-activity;sid:84160046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.87.124"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296945/; classtype:trojan-activity;sid:84160045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.118.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296944/; classtype:trojan-activity;sid:84160044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296943)"; flow:established,from_client; content:"GET"; http_method; content:"/55/caspol.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"192.3.243.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296943/; classtype:trojan-activity;sid:84160043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.100.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296941/; classtype:trojan-activity;sid:84160041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296942)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/swm/sw/greetingwithgreatthignsgivenbackwithentireprocessgivenmeback.hta"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"192.3.243.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296942/; classtype:trojan-activity;sid:84160042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296940)"; flow:established,from_client; content:"GET"; http_method; content:"/d/r0pct/0"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296940/; classtype:trojan-activity;sid:84160040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296939)"; flow:established,from_client; content:"GET"; http_method; content:"/part1.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"garhoudjourm.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296939/; classtype:trojan-activity;sid:84160039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296937)"; flow:established,from_client; content:"GET"; http_method; content:"/part.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"garhoudjourm.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296937/; classtype:trojan-activity;sid:84160037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296938)"; flow:established,from_client; content:"GET"; http_method; content:"/352/seethebestthingswithgreatsituationshandletotheprogress.hta"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"192.3.22.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296938/; classtype:trojan-activity;sid:84160038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296936)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/se/seethebestthingsentiretimewithgreatthingswithloverkiss.tif"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"192.3.22.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296936/; classtype:trojan-activity;sid:84160036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296935)"; flow:established,from_client; content:"GET"; http_method; content:"/d/lxvbq"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296935/; classtype:trojan-activity;sid:84160035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.122.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296933/; classtype:trojan-activity;sid:84160033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.200.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296934/; classtype:trojan-activity;sid:84160034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.231.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296932/; classtype:trojan-activity;sid:84160032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.8.110.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296931/; classtype:trojan-activity;sid:84160031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.133.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296929/; classtype:trojan-activity;sid:84160029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.72.179.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296930/; classtype:trojan-activity;sid:84160030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.5.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296928/; classtype:trojan-activity;sid:84160028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.222.199.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296927/; classtype:trojan-activity;sid:84160027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.214.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296925/; classtype:trojan-activity;sid:84160025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.102.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296926/; classtype:trojan-activity;sid:84160026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.107.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296924/; classtype:trojan-activity;sid:84160024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.150.42.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296922/; classtype:trojan-activity;sid:84160022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.64.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296923/; classtype:trojan-activity;sid:84160023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296921)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kuotc.staff.plenarykcg.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296921/; classtype:trojan-activity;sid:84160021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.200.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296919/; classtype:trojan-activity;sid:84160019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.206.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296920/; classtype:trojan-activity;sid:84160020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.182.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296917/; classtype:trojan-activity;sid:84160017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.247.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296918/; classtype:trojan-activity;sid:84160018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.27.180"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296916/; classtype:trojan-activity;sid:84160016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.25.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296915/; classtype:trojan-activity;sid:84160015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.122.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296914/; classtype:trojan-activity;sid:84160014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.217.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296913/; classtype:trojan-activity;sid:84160013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.248.74.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296912/; classtype:trojan-activity;sid:84160012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.191.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296911/; classtype:trojan-activity;sid:84160011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.146.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296910/; classtype:trojan-activity;sid:84160010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.153.69.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296909/; classtype:trojan-activity;sid:84160009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296908)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rrrrooosaa-1318a.appspot.com/o/simit%20minstransportes%20multas%2ffoto%20multas%20simit-pdf.bz2|3f|alt=media|7c|26|7c|token=78c2f0d5-34ef-49eb-9805-33f0c66f9af6"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296908/; classtype:trojan-activity;sid:84160008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.86.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296907/; classtype:trojan-activity;sid:84160007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.199.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296905/; classtype:trojan-activity;sid:84160005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296906)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/5txbd4verkm5fdvdtj1fs/proceso_judicial_por-_demanda_laboral_rdo-40032021-00235.7z|3f|rlkey=q323zc93uldt2nx4m3ck87w4c|7c|26|7c|st=l69yy83u|7c|26|7c|dl=1"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296906/; classtype:trojan-activity;sid:84160006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296903)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rrrrooosaa-1318a.appspot.com/o/fiscalias%20citaciones%2ffiscalia%20citacion%20judicial-pdf.bz2|3f|alt=media|7c|26|7c|token=84c58142-14d9-411f-bef0-805e2d23905e"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296903/; classtype:trojan-activity;sid:84160003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.35.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296904/; classtype:trojan-activity;sid:84160004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296900)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/hpp7n4o867rqnzngaotlf/notificaci-n-electr-nica-agradecemos-confirmar-recibido-numero-de-rad-456468-1531-6516-3213568-000-"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296900/; classtype:trojan-activity;sid:84160000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296901)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/hpp7n4o867rqnzngaotlf/notificaci-n-electr-nica-agradecemos-confirmar-recibido"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296901/; classtype:trojan-activity;sid:84160001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296902)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sr6iahjfflmmtldoaxqnudqwyc7q5mqg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296902/; classtype:trojan-activity;sid:84160002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.42.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296897/; classtype:trojan-activity;sid:84159997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296898/; classtype:trojan-activity;sid:84159998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.116.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296899/; classtype:trojan-activity;sid:84159999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.13.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296896/; classtype:trojan-activity;sid:84159996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.134.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296894/; classtype:trojan-activity;sid:84159994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.107.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296895/; classtype:trojan-activity;sid:84159995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.58.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296893/; classtype:trojan-activity;sid:84159993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.247.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296892/; classtype:trojan-activity;sid:84159992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.25.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296891/; classtype:trojan-activity;sid:84159991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.75.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296890/; classtype:trojan-activity;sid:84159990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.214.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296888/; classtype:trojan-activity;sid:84159988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.35.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296889/; classtype:trojan-activity;sid:84159989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.27.180"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296887/; classtype:trojan-activity;sid:84159987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296886/; classtype:trojan-activity;sid:84159986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.193.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296885/; classtype:trojan-activity;sid:84159985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.199.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296884/; classtype:trojan-activity;sid:84159984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.153.69.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296883/; classtype:trojan-activity;sid:84159983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.167.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296882/; classtype:trojan-activity;sid:84159982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.230.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296881/; classtype:trojan-activity;sid:84159981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.86.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296880/; classtype:trojan-activity;sid:84159980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.207.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296879/; classtype:trojan-activity;sid:84159979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296878/; classtype:trojan-activity;sid:84159978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.131.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296877/; classtype:trojan-activity;sid:84159977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296876/; classtype:trojan-activity;sid:84159976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.89.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296875/; classtype:trojan-activity;sid:84159975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.33.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296874/; classtype:trojan-activity;sid:84159974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.123.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296873/; classtype:trojan-activity;sid:84159973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296871/; classtype:trojan-activity;sid:84159971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.42.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296872/; classtype:trojan-activity;sid:84159972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.113.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296870/; classtype:trojan-activity;sid:84159970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.255.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296869/; classtype:trojan-activity;sid:84159969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.154.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296867/; classtype:trojan-activity;sid:84159967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296868)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.15.55.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296868/; classtype:trojan-activity;sid:84159968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.33.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296865/; classtype:trojan-activity;sid:84159965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296866/; classtype:trojan-activity;sid:84159966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.35.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296863/; classtype:trojan-activity;sid:84159963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296864/; classtype:trojan-activity;sid:84159964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.114.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296862/; classtype:trojan-activity;sid:84159962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.120.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296861/; classtype:trojan-activity;sid:84159961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.189.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296860/; classtype:trojan-activity;sid:84159960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.39.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296859/; classtype:trojan-activity;sid:84159959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296858/; classtype:trojan-activity;sid:84159958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.16.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296856/; classtype:trojan-activity;sid:84159956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296857)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.47.122.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296857/; classtype:trojan-activity;sid:84159957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.55.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296855/; classtype:trojan-activity;sid:84159955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.230.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296854/; classtype:trojan-activity;sid:84159954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.250.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296853/; classtype:trojan-activity;sid:84159953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.123.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296852/; classtype:trojan-activity;sid:84159952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.33.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296851/; classtype:trojan-activity;sid:84159951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.122.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296850/; classtype:trojan-activity;sid:84159950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.146.237.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296848/; classtype:trojan-activity;sid:84159948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.212.234.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296849/; classtype:trojan-activity;sid:84159949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.59.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296847/; classtype:trojan-activity;sid:84159947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.70.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296846/; classtype:trojan-activity;sid:84159946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.185.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296845/; classtype:trojan-activity;sid:84159945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.91.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296844/; classtype:trojan-activity;sid:84159944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.255.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296843/; classtype:trojan-activity;sid:84159943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.92.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296842/; classtype:trojan-activity;sid:84159942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.42.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296841/; classtype:trojan-activity;sid:84159941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.179.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296840/; classtype:trojan-activity;sid:84159940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.60.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296839/; classtype:trojan-activity;sid:84159939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.16.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296838/; classtype:trojan-activity;sid:84159938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.91.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296837/; classtype:trojan-activity;sid:84159937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.55.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296836/; classtype:trojan-activity;sid:84159936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.150.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296835/; classtype:trojan-activity;sid:84159935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.58.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296833/; classtype:trojan-activity;sid:84159933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296834/; classtype:trojan-activity;sid:84159934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296831/; classtype:trojan-activity;sid:84159931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.104.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296832/; classtype:trojan-activity;sid:84159932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.63.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296830/; classtype:trojan-activity;sid:84159930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.122.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296829/; classtype:trojan-activity;sid:84159929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.46.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296828/; classtype:trojan-activity;sid:84159928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.5.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296826/; classtype:trojan-activity;sid:84159926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.48.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296827/; classtype:trojan-activity;sid:84159927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.138.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296825/; classtype:trojan-activity;sid:84159925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.8.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296824/; classtype:trojan-activity;sid:84159924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.22.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296822/; classtype:trojan-activity;sid:84159922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.10.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296823/; classtype:trojan-activity;sid:84159923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296821)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296821/; classtype:trojan-activity;sid:84159921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.46.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296820/; classtype:trojan-activity;sid:84159920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.150.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296819/; classtype:trojan-activity;sid:84159919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.125.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296818/; classtype:trojan-activity;sid:84159918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.75.182.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296817/; classtype:trojan-activity;sid:84159917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.97.110.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296816/; classtype:trojan-activity;sid:84159916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.11.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296815/; classtype:trojan-activity;sid:84159915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296814/; classtype:trojan-activity;sid:84159914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.178.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296813/; classtype:trojan-activity;sid:84159913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.66.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296812/; classtype:trojan-activity;sid:84159912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.41.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296811/; classtype:trojan-activity;sid:84159911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.88.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296810/; classtype:trojan-activity;sid:84159910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.150.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296809/; classtype:trojan-activity;sid:84159909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.195.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296808/; classtype:trojan-activity;sid:84159908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.11.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296807/; classtype:trojan-activity;sid:84159907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296806/; classtype:trojan-activity;sid:84159906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296805/; classtype:trojan-activity;sid:84159905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.135.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296804/; classtype:trojan-activity;sid:84159904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.75.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296803/; classtype:trojan-activity;sid:84159903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296802/; classtype:trojan-activity;sid:84159902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.41.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296801/; classtype:trojan-activity;sid:84159901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.120.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296800/; classtype:trojan-activity;sid:84159900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.149.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296799/; classtype:trojan-activity;sid:84159899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.72.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296798/; classtype:trojan-activity;sid:84159898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"96.33.218.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296796/; classtype:trojan-activity;sid:84159896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.202.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296797/; classtype:trojan-activity;sid:84159897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.200.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296795/; classtype:trojan-activity;sid:84159895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.193.53.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296794/; classtype:trojan-activity;sid:84159894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.178.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296793/; classtype:trojan-activity;sid:84159893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296792/; classtype:trojan-activity;sid:84159892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.125.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296791/; classtype:trojan-activity;sid:84159891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296790/; classtype:trojan-activity;sid:84159890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.113.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296789/; classtype:trojan-activity;sid:84159889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.116.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296788/; classtype:trojan-activity;sid:84159888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296787/; classtype:trojan-activity;sid:84159887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.30.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296786/; classtype:trojan-activity;sid:84159886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.100.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296785/; classtype:trojan-activity;sid:84159885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.120.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296784/; classtype:trojan-activity;sid:84159884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.79.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296783/; classtype:trojan-activity;sid:84159883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.101.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296780/; classtype:trojan-activity;sid:84159880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.161.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296781/; classtype:trojan-activity;sid:84159881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.148.199.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296782/; classtype:trojan-activity;sid:84159882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.54.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296779/; classtype:trojan-activity;sid:84159879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.66.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296778/; classtype:trojan-activity;sid:84159878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.244.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296777/; classtype:trojan-activity;sid:84159877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.46.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296776/; classtype:trojan-activity;sid:84159876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.42.124.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296775/; classtype:trojan-activity;sid:84159875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.248.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296774/; classtype:trojan-activity;sid:84159874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.178.125.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296773/; classtype:trojan-activity;sid:84159873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.38.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296772/; classtype:trojan-activity;sid:84159872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.191.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296771/; classtype:trojan-activity;sid:84159871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.207.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296769/; classtype:trojan-activity;sid:84159869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296770/; classtype:trojan-activity;sid:84159870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.206.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296768/; classtype:trojan-activity;sid:84159868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.139.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296767/; classtype:trojan-activity;sid:84159867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296766/; classtype:trojan-activity;sid:84159866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.113.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296764/; classtype:trojan-activity;sid:84159864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296765/; classtype:trojan-activity;sid:84159865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.30.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296763/; classtype:trojan-activity;sid:84159863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.9.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296762/; classtype:trojan-activity;sid:84159862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.75.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296761/; classtype:trojan-activity;sid:84159861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.65.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296760/; classtype:trojan-activity;sid:84159860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.44.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296759/; classtype:trojan-activity;sid:84159859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296758/; classtype:trojan-activity;sid:84159858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.23.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296757/; classtype:trojan-activity;sid:84159857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.26.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296756/; classtype:trojan-activity;sid:84159856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.239.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296755/; classtype:trojan-activity;sid:84159855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.91.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296754/; classtype:trojan-activity;sid:84159854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.196.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296752/; classtype:trojan-activity;sid:84159852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.46.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296753/; classtype:trojan-activity;sid:84159853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.188.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296751/; classtype:trojan-activity;sid:84159851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.117.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296750/; classtype:trojan-activity;sid:84159850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.108.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296749/; classtype:trojan-activity;sid:84159849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296748/; classtype:trojan-activity;sid:84159848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.199.98.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296747/; classtype:trojan-activity;sid:84159847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296746/; classtype:trojan-activity;sid:84159846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.71.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296745/; classtype:trojan-activity;sid:84159845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.227.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296744/; classtype:trojan-activity;sid:84159844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.125.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296743/; classtype:trojan-activity;sid:84159843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.43.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296742/; classtype:trojan-activity;sid:84159842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296741/; classtype:trojan-activity;sid:84159841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.91.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296740/; classtype:trojan-activity;sid:84159840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.199.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296739/; classtype:trojan-activity;sid:84159839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.65.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296738/; classtype:trojan-activity;sid:84159838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.104.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296737/; classtype:trojan-activity;sid:84159837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.130.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296736/; classtype:trojan-activity;sid:84159836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.9.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296734/; classtype:trojan-activity;sid:84159834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.58.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296735/; classtype:trojan-activity;sid:84159835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296733/; classtype:trojan-activity;sid:84159833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296732/; classtype:trojan-activity;sid:84159832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296731/; classtype:trojan-activity;sid:84159831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.88.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296730/; classtype:trojan-activity;sid:84159830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.177.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296729/; classtype:trojan-activity;sid:84159829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.31.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296728/; classtype:trojan-activity;sid:84159828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.118.91.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296727/; classtype:trojan-activity;sid:84159827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296726/; classtype:trojan-activity;sid:84159826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.227.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296725/; classtype:trojan-activity;sid:84159825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296723/; classtype:trojan-activity;sid:84159823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.251.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296724/; classtype:trojan-activity;sid:84159824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296722/; classtype:trojan-activity;sid:84159822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.114.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296721/; classtype:trojan-activity;sid:84159821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.178.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296720/; classtype:trojan-activity;sid:84159820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.36.133.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296719/; classtype:trojan-activity;sid:84159819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.107.92.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296718/; classtype:trojan-activity;sid:84159818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.217.246.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296717/; classtype:trojan-activity;sid:84159817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296716/; classtype:trojan-activity;sid:84159816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.96.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296715/; classtype:trojan-activity;sid:84159815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.114.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296714/; classtype:trojan-activity;sid:84159814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.135.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296713/; classtype:trojan-activity;sid:84159813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.252.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296712/; classtype:trojan-activity;sid:84159812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.66.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296711/; classtype:trojan-activity;sid:84159811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.63.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296709/; classtype:trojan-activity;sid:84159809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296710/; classtype:trojan-activity;sid:84159810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296708/; classtype:trojan-activity;sid:84159808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.42.74.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296707/; classtype:trojan-activity;sid:84159807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.42.74.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296706/; classtype:trojan-activity;sid:84159806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.217.79.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296705/; classtype:trojan-activity;sid:84159805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.107.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296704/; classtype:trojan-activity;sid:84159804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.194.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296703/; classtype:trojan-activity;sid:84159803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.28.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296701/; classtype:trojan-activity;sid:84159801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.224.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296702/; classtype:trojan-activity;sid:84159802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.89.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296700/; classtype:trojan-activity;sid:84159800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.217.246.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296698/; classtype:trojan-activity;sid:84159798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.41.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296699/; classtype:trojan-activity;sid:84159799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.230.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296697/; classtype:trojan-activity;sid:84159797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.34.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296696/; classtype:trojan-activity;sid:84159796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.96.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296695/; classtype:trojan-activity;sid:84159795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.156.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296694/; classtype:trojan-activity;sid:84159794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.223.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296693/; classtype:trojan-activity;sid:84159793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.186.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296692/; classtype:trojan-activity;sid:84159792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.63.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296691/; classtype:trojan-activity;sid:84159791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.247.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296690/; classtype:trojan-activity;sid:84159790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.100.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296689/; classtype:trojan-activity;sid:84159789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.34.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296688/; classtype:trojan-activity;sid:84159788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.232.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296685/; classtype:trojan-activity;sid:84159785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.224.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296686/; classtype:trojan-activity;sid:84159786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.42.243.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296687/; classtype:trojan-activity;sid:84159787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.53.223.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296683/; classtype:trojan-activity;sid:84159783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.107.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296684/; classtype:trojan-activity;sid:84159784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296682/; classtype:trojan-activity;sid:84159782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.178.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296681/; classtype:trojan-activity;sid:84159781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.12.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296680/; classtype:trojan-activity;sid:84159780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.89.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296679/; classtype:trojan-activity;sid:84159779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.14.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296678/; classtype:trojan-activity;sid:84159778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.249.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296677/; classtype:trojan-activity;sid:84159777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.151.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296676/; classtype:trojan-activity;sid:84159776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.12.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296675/; classtype:trojan-activity;sid:84159775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.230.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296674/; classtype:trojan-activity;sid:84159774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.8.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296672/; classtype:trojan-activity;sid:84159772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.31.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296673/; classtype:trojan-activity;sid:84159773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.12.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296671/; classtype:trojan-activity;sid:84159771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.253.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296670/; classtype:trojan-activity;sid:84159770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.34.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296669/; classtype:trojan-activity;sid:84159769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.116.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296668/; classtype:trojan-activity;sid:84159768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.129.208.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296667/; classtype:trojan-activity;sid:84159767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.121.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296666/; classtype:trojan-activity;sid:84159766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.88.152"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296665/; classtype:trojan-activity;sid:84159765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.146.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296664/; classtype:trojan-activity;sid:84159764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.56.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296663/; classtype:trojan-activity;sid:84159763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.57.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296662/; classtype:trojan-activity;sid:84159762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.126.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296661/; classtype:trojan-activity;sid:84159761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.138.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296660/; classtype:trojan-activity;sid:84159760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.99.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296658/; classtype:trojan-activity;sid:84159758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.53.223.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296659/; classtype:trojan-activity;sid:84159759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.86.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296657/; classtype:trojan-activity;sid:84159757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.12.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296656/; classtype:trojan-activity;sid:84159756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.217.188.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296654/; classtype:trojan-activity;sid:84159754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.249.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296655/; classtype:trojan-activity;sid:84159755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.253.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296653/; classtype:trojan-activity;sid:84159753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.22.21.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296652/; classtype:trojan-activity;sid:84159752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.237.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296651/; classtype:trojan-activity;sid:84159751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.127.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296650/; classtype:trojan-activity;sid:84159750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.29.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296649/; classtype:trojan-activity;sid:84159749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.206.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296648/; classtype:trojan-activity;sid:84159748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.153.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296647/; classtype:trojan-activity;sid:84159747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.18.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296645/; classtype:trojan-activity;sid:84159745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.166.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296646/; classtype:trojan-activity;sid:84159746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.16.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296644/; classtype:trojan-activity;sid:84159744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.157.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296643/; classtype:trojan-activity;sid:84159743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.92.152.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296642/; classtype:trojan-activity;sid:84159742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.16.145"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296641/; classtype:trojan-activity;sid:84159741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296640/; classtype:trojan-activity;sid:84159740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.207.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296639/; classtype:trojan-activity;sid:84159739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.183.7.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296638/; classtype:trojan-activity;sid:84159738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.83.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296637/; classtype:trojan-activity;sid:84159737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.138.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296636/; classtype:trojan-activity;sid:84159736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.243.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296635/; classtype:trojan-activity;sid:84159735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.90.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296633/; classtype:trojan-activity;sid:84159733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.233.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296634/; classtype:trojan-activity;sid:84159734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.58.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296631/; classtype:trojan-activity;sid:84159731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.237.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296632/; classtype:trojan-activity;sid:84159732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.217.188.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296630/; classtype:trojan-activity;sid:84159730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.137.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296629/; classtype:trojan-activity;sid:84159729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.15.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296628/; classtype:trojan-activity;sid:84159728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.180.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296627/; classtype:trojan-activity;sid:84159727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.114.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296626/; classtype:trojan-activity;sid:84159726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.99.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296625/; classtype:trojan-activity;sid:84159725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.92.152.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296624/; classtype:trojan-activity;sid:84159724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.146.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296623/; classtype:trojan-activity;sid:84159723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.38.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296622/; classtype:trojan-activity;sid:84159722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.19.233"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296621/; classtype:trojan-activity;sid:84159721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.188.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296620/; classtype:trojan-activity;sid:84159720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.83.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296619/; classtype:trojan-activity;sid:84159719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296618/; classtype:trojan-activity;sid:84159718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.235.215.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296617/; classtype:trojan-activity;sid:84159717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.90.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296616/; classtype:trojan-activity;sid:84159716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296615)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cbpsendfi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296615/; classtype:trojan-activity;sid:84159715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296614)"; flow:established,from_client; content:"GET"; http_method; content:"/cbp_warning.pdf.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cbpsendfi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296614/; classtype:trojan-activity;sid:84159714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.15.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296613/; classtype:trojan-activity;sid:84159713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.65.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296612/; classtype:trojan-activity;sid:84159712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.247.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296610/; classtype:trojan-activity;sid:84159710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.233.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296611/; classtype:trojan-activity;sid:84159711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.137.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296609/; classtype:trojan-activity;sid:84159709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.125.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296608/; classtype:trojan-activity;sid:84159708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.166.217.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296607/; classtype:trojan-activity;sid:84159707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296604)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"138.197.188.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296604/; classtype:trojan-activity;sid:84159704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296605)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.197.188.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296605/; classtype:trojan-activity;sid:84159705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296606)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.197.188.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296606/; classtype:trojan-activity;sid:84159706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296601)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.197.188.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296601/; classtype:trojan-activity;sid:84159701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296602)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"138.197.188.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296602/; classtype:trojan-activity;sid:84159702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296603)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"138.197.188.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296603/; classtype:trojan-activity;sid:84159703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296596)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"138.197.188.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296596/; classtype:trojan-activity;sid:84159696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296597)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.197.188.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296597/; classtype:trojan-activity;sid:84159697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296598)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"138.197.188.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296598/; classtype:trojan-activity;sid:84159698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296599)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.197.188.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296599/; classtype:trojan-activity;sid:84159699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296600)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.197.188.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296600/; classtype:trojan-activity;sid:84159700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.87.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296595/; classtype:trojan-activity;sid:84159695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.175.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296594/; classtype:trojan-activity;sid:84159694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.88.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296593/; classtype:trojan-activity;sid:84159693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296592)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.47.122.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296592/; classtype:trojan-activity;sid:84159692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.123.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296591/; classtype:trojan-activity;sid:84159691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.114.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296590/; classtype:trojan-activity;sid:84159690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.83.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296588/; classtype:trojan-activity;sid:84159688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.22.21.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296589/; classtype:trojan-activity;sid:84159689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.235.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296587/; classtype:trojan-activity;sid:84159687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.36.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296586/; classtype:trojan-activity;sid:84159686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.84.143"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296585/; classtype:trojan-activity;sid:84159685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296583)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.226.169.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296583/; classtype:trojan-activity;sid:84159683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296584)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.226.169.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296584/; classtype:trojan-activity;sid:84159684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296581)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.226.169.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296581/; classtype:trojan-activity;sid:84159681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296582)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.226.169.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296582/; classtype:trojan-activity;sid:84159682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296572)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.226.169.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296572/; classtype:trojan-activity;sid:84159672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296573)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.226.169.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296573/; classtype:trojan-activity;sid:84159673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296574)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.226.169.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296574/; classtype:trojan-activity;sid:84159674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296575)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.226.169.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296575/; classtype:trojan-activity;sid:84159675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296576)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.226.169.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296576/; classtype:trojan-activity;sid:84159676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296577)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.226.169.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296577/; classtype:trojan-activity;sid:84159677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296578)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.226.169.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296578/; classtype:trojan-activity;sid:84159678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296579)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.226.169.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296579/; classtype:trojan-activity;sid:84159679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296580)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.226.169.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296580/; classtype:trojan-activity;sid:84159680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.86.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296571/; classtype:trojan-activity;sid:84159671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.108.157.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296570/; classtype:trojan-activity;sid:84159670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.83.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296569/; classtype:trojan-activity;sid:84159669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.86.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296568/; classtype:trojan-activity;sid:84159668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.247.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296567/; classtype:trojan-activity;sid:84159667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296566)"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.213.189.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296566/; classtype:trojan-activity;sid:84159666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.0.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296565/; classtype:trojan-activity;sid:84159665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296562)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/igxmodz.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"154.213.189.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296562/; classtype:trojan-activity;sid:84159662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296563)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/igxmodz.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.213.189.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296563/; classtype:trojan-activity;sid:84159663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296564)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/igxmodz.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.213.189.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296564/; classtype:trojan-activity;sid:84159664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296557)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/igxmodz.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.213.189.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296557/; classtype:trojan-activity;sid:84159657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296558)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/igxmodz.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.213.189.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296558/; classtype:trojan-activity;sid:84159658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296559)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/igxmodz.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.213.189.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296559/; classtype:trojan-activity;sid:84159659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296560)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/igxmodz.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"154.213.189.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296560/; classtype:trojan-activity;sid:84159660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296561)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/igxmodz.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.213.189.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296561/; classtype:trojan-activity;sid:84159661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296556)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/igxmodz.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"154.213.189.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296556/; classtype:trojan-activity;sid:84159656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296555)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/igxmodz.arm4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.213.189.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296555/; classtype:trojan-activity;sid:84159655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.243.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296552/; classtype:trojan-activity;sid:84159652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.121.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296553/; classtype:trojan-activity;sid:84159653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.192.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296554/; classtype:trojan-activity;sid:84159654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296551)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"172.111.38.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296551/; classtype:trojan-activity;sid:84159651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296550)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.111.38.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296550/; classtype:trojan-activity;sid:84159650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296541)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"172.111.38.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296541/; classtype:trojan-activity;sid:84159641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296542)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.111.38.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296542/; classtype:trojan-activity;sid:84159642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i586"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.111.38.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296543/; classtype:trojan-activity;sid:84159643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296544)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"172.111.38.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296544/; classtype:trojan-activity;sid:84159644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296545)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"172.111.38.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296545/; classtype:trojan-activity;sid:84159645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296546)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"172.111.38.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296546/; classtype:trojan-activity;sid:84159646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296547)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.111.38.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296547/; classtype:trojan-activity;sid:84159647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296548)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"172.111.38.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296548/; classtype:trojan-activity;sid:84159648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296549)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"172.111.38.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296549/; classtype:trojan-activity;sid:84159649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.18.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296539/; classtype:trojan-activity;sid:84159639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296540)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.111.38.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296540/; classtype:trojan-activity;sid:84159640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.170.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296538/; classtype:trojan-activity;sid:84159638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"65.172.242.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296537/; classtype:trojan-activity;sid:84159637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.175.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296535/; classtype:trojan-activity;sid:84159635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296536)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.8.217.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296536/; classtype:trojan-activity;sid:84159636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.64.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296534/; classtype:trojan-activity;sid:84159634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.36.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296533/; classtype:trojan-activity;sid:84159633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.192.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296532/; classtype:trojan-activity;sid:84159632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.85.33.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296531/; classtype:trojan-activity;sid:84159631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296530/; classtype:trojan-activity;sid:84159630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296528)"; flow:established,from_client; content:"GET"; http_method; content:"/work/xxx.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"eegqzvxd.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296528/; classtype:trojan-activity;sid:84159628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296529)"; flow:established,from_client; content:"GET"; http_method; content:"/work/xxx.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"viralnavigator.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296529/; classtype:trojan-activity;sid:84159629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.101.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296527/; classtype:trojan-activity;sid:84159627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.6.232"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296526/; classtype:trojan-activity;sid:84159626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.108.157.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296524/; classtype:trojan-activity;sid:84159624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.86.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296525/; classtype:trojan-activity;sid:84159625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.83.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296523/; classtype:trojan-activity;sid:84159623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.11.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296522/; classtype:trojan-activity;sid:84159622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.251.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296521/; classtype:trojan-activity;sid:84159621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.19.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296520/; classtype:trojan-activity;sid:84159620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.46.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296519/; classtype:trojan-activity;sid:84159619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.18.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296518/; classtype:trojan-activity;sid:84159618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.87.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296517/; classtype:trojan-activity;sid:84159617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.208.26.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296516/; classtype:trojan-activity;sid:84159616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.85.33.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296515/; classtype:trojan-activity;sid:84159615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.243.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296514/; classtype:trojan-activity;sid:84159614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296513/; classtype:trojan-activity;sid:84159613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.0.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296512/; classtype:trojan-activity;sid:84159612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.87.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296511/; classtype:trojan-activity;sid:84159611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.19.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296510/; classtype:trojan-activity;sid:84159610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.121.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296509/; classtype:trojan-activity;sid:84159609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.1.32"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296508/; classtype:trojan-activity;sid:84159608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.5.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296507/; classtype:trojan-activity;sid:84159607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.6.232"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296506/; classtype:trojan-activity;sid:84159606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.176.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296505/; classtype:trojan-activity;sid:84159605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.83.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296504/; classtype:trojan-activity;sid:84159604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.22.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296502/; classtype:trojan-activity;sid:84159602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.240.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296503/; classtype:trojan-activity;sid:84159603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.129.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296501/; classtype:trojan-activity;sid:84159601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.61.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296499/; classtype:trojan-activity;sid:84159599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.214.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296500/; classtype:trojan-activity;sid:84159600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.199.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296498/; classtype:trojan-activity;sid:84159598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296497/; classtype:trojan-activity;sid:84159597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296496/; classtype:trojan-activity;sid:84159596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.203.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296495/; classtype:trojan-activity;sid:84159595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.190.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296494/; classtype:trojan-activity;sid:84159594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.5.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296493/; classtype:trojan-activity;sid:84159593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.230.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296492/; classtype:trojan-activity;sid:84159592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296491/; classtype:trojan-activity;sid:84159591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.11.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296490/; classtype:trojan-activity;sid:84159590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.150.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296489/; classtype:trojan-activity;sid:84159589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.22.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296488/; classtype:trojan-activity;sid:84159588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296487/; classtype:trojan-activity;sid:84159587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.214.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296486/; classtype:trojan-activity;sid:84159586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.93.44.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296485/; classtype:trojan-activity;sid:84159585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.193.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296484/; classtype:trojan-activity;sid:84159584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.101.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296483/; classtype:trojan-activity;sid:84159583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296482/; classtype:trojan-activity;sid:84159582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296480/; classtype:trojan-activity;sid:84159580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.238.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296481/; classtype:trojan-activity;sid:84159581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.234.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296479/; classtype:trojan-activity;sid:84159579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.5.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296478/; classtype:trojan-activity;sid:84159578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.35.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296477/; classtype:trojan-activity;sid:84159577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.35.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296476/; classtype:trojan-activity;sid:84159576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.149.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296475/; classtype:trojan-activity;sid:84159575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.206.166.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296473/; classtype:trojan-activity;sid:84159573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.8.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296474/; classtype:trojan-activity;sid:84159574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.49.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296472/; classtype:trojan-activity;sid:84159572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.189.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296471/; classtype:trojan-activity;sid:84159571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.181.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296470/; classtype:trojan-activity;sid:84159570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.67.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296469/; classtype:trojan-activity;sid:84159569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.188.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296468/; classtype:trojan-activity;sid:84159568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.101.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296467/; classtype:trojan-activity;sid:84159567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.6.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296466/; classtype:trojan-activity;sid:84159566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.236.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296465/; classtype:trojan-activity;sid:84159565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296464/; classtype:trojan-activity;sid:84159564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.54.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296463/; classtype:trojan-activity;sid:84159563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.49.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296462/; classtype:trojan-activity;sid:84159562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.151.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296460/; classtype:trojan-activity;sid:84159560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.179.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296461/; classtype:trojan-activity;sid:84159561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.8.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296459/; classtype:trojan-activity;sid:84159559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.254.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296458/; classtype:trojan-activity;sid:84159558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.150.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296457/; classtype:trojan-activity;sid:84159557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.120.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296456/; classtype:trojan-activity;sid:84159556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.179.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296455/; classtype:trojan-activity;sid:84159555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.35.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296454/; classtype:trojan-activity;sid:84159554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296453/; classtype:trojan-activity;sid:84159553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.190.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296452/; classtype:trojan-activity;sid:84159552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.206.101.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296451/; classtype:trojan-activity;sid:84159551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.192.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296450/; classtype:trojan-activity;sid:84159550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.134.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296449/; classtype:trojan-activity;sid:84159549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.233.169.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296448/; classtype:trojan-activity;sid:84159548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.129.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296447/; classtype:trojan-activity;sid:84159547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.129.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296446/; classtype:trojan-activity;sid:84159546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.134.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296445/; classtype:trojan-activity;sid:84159545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.55.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296443/; classtype:trojan-activity;sid:84159543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.177.180.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296444/; classtype:trojan-activity;sid:84159544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.236.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296442/; classtype:trojan-activity;sid:84159542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296441)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"60.246.205.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296441/; classtype:trojan-activity;sid:84159541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.54.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296440/; classtype:trojan-activity;sid:84159540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.132.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296439/; classtype:trojan-activity;sid:84159539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.222.186.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296438/; classtype:trojan-activity;sid:84159538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.108.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296437/; classtype:trojan-activity;sid:84159537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.206.101.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296436/; classtype:trojan-activity;sid:84159536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.208.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296435/; classtype:trojan-activity;sid:84159535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.62.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296434/; classtype:trojan-activity;sid:84159534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296433/; classtype:trojan-activity;sid:84159533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.178.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296432/; classtype:trojan-activity;sid:84159532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.64.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296431/; classtype:trojan-activity;sid:84159531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.149.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296430/; classtype:trojan-activity;sid:84159530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.233.4.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296428/; classtype:trojan-activity;sid:84159528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.55.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296429/; classtype:trojan-activity;sid:84159529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.186.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296427/; classtype:trojan-activity;sid:84159527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.169.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296426/; classtype:trojan-activity;sid:84159526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.208.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296425/; classtype:trojan-activity;sid:84159525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.132.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296424/; classtype:trojan-activity;sid:84159524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.222.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296423/; classtype:trojan-activity;sid:84159523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.157.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296422/; classtype:trojan-activity;sid:84159522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296421/; classtype:trojan-activity;sid:84159521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.229.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296420/; classtype:trojan-activity;sid:84159520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.132.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296419/; classtype:trojan-activity;sid:84159519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.237.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296418/; classtype:trojan-activity;sid:84159518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.164.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296417/; classtype:trojan-activity;sid:84159517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.64.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296416/; classtype:trojan-activity;sid:84159516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.124.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296415/; classtype:trojan-activity;sid:84159515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.65.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296414/; classtype:trojan-activity;sid:84159514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.3.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296412/; classtype:trojan-activity;sid:84159512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.119.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296413/; classtype:trojan-activity;sid:84159513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.63.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296411/; classtype:trojan-activity;sid:84159511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.146.110.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296410/; classtype:trojan-activity;sid:84159510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.96.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296409/; classtype:trojan-activity;sid:84159509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.233.4.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296408/; classtype:trojan-activity;sid:84159508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.120.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296407/; classtype:trojan-activity;sid:84159507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.213.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296406/; classtype:trojan-activity;sid:84159506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.76.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296405/; classtype:trojan-activity;sid:84159505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296404/; classtype:trojan-activity;sid:84159504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.188.16.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296402/; classtype:trojan-activity;sid:84159502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.218.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296403/; classtype:trojan-activity;sid:84159503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.164.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296401/; classtype:trojan-activity;sid:84159501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296400/; classtype:trojan-activity;sid:84159500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.106.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296399/; classtype:trojan-activity;sid:84159499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.63.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296398/; classtype:trojan-activity;sid:84159498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296397)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"125.132.119.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296397/; classtype:trojan-activity;sid:84159497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.56.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296396/; classtype:trojan-activity;sid:84159496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.66.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296395/; classtype:trojan-activity;sid:84159495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.3.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296394/; classtype:trojan-activity;sid:84159494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.202.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296393/; classtype:trojan-activity;sid:84159493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.108.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296392/; classtype:trojan-activity;sid:84159492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.61.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296391/; classtype:trojan-activity;sid:84159491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.169.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296390/; classtype:trojan-activity;sid:84159490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.213.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296389/; classtype:trojan-activity;sid:84159489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.14.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296388/; classtype:trojan-activity;sid:84159488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.128.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296387/; classtype:trojan-activity;sid:84159487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.57.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296386/; classtype:trojan-activity;sid:84159486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.211.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296385/; classtype:trojan-activity;sid:84159485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.66.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296384/; classtype:trojan-activity;sid:84159484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296383)"; flow:established,from_client; content:"GET"; http_method; content:"/vmapi.pdf"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.58.56.243"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296383/; classtype:trojan-activity;sid:84159483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.3.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296381/; classtype:trojan-activity;sid:84159481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296380)"; flow:established,from_client; content:"GET"; http_method; content:"/download/tg-x64.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"telezgram.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296380/; classtype:trojan-activity;sid:84159480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296379)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.160.216.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296379/; classtype:trojan-activity;sid:84159479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.108.157.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296378/; classtype:trojan-activity;sid:84159478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.34.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296377/; classtype:trojan-activity;sid:84159477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.56.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296376/; classtype:trojan-activity;sid:84159476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.193.59.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296375/; classtype:trojan-activity;sid:84159475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.87.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296374/; classtype:trojan-activity;sid:84159474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.211.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296373/; classtype:trojan-activity;sid:84159473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.157.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296372/; classtype:trojan-activity;sid:84159472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.208.68.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296371/; classtype:trojan-activity;sid:84159471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296370/; classtype:trojan-activity;sid:84159470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296369/; classtype:trojan-activity;sid:84159469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.247.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296368/; classtype:trojan-activity;sid:84159468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.208.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296367/; classtype:trojan-activity;sid:84159467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.127.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296366/; classtype:trojan-activity;sid:84159466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.215.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296365/; classtype:trojan-activity;sid:84159465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.241.50.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296364/; classtype:trojan-activity;sid:84159464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.193.59.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296363/; classtype:trojan-activity;sid:84159463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.34.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296362/; classtype:trojan-activity;sid:84159462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.241.50.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296361/; classtype:trojan-activity;sid:84159461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.108.90.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296360/; classtype:trojan-activity;sid:84159460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296359/; classtype:trojan-activity;sid:84159459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.121.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296358/; classtype:trojan-activity;sid:84159458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.24.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296357/; classtype:trojan-activity;sid:84159457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296356/; classtype:trojan-activity;sid:84159456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.86.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296355/; classtype:trojan-activity;sid:84159455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.29.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296354/; classtype:trojan-activity;sid:84159454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.0.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296353/; classtype:trojan-activity;sid:84159453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.94.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296352/; classtype:trojan-activity;sid:84159452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.208.68.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296351/; classtype:trojan-activity;sid:84159451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.215.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296350/; classtype:trojan-activity;sid:84159450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.221.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296349/; classtype:trojan-activity;sid:84159449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.90.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296348/; classtype:trojan-activity;sid:84159448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.62.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296347/; classtype:trojan-activity;sid:84159447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296345/; classtype:trojan-activity;sid:84159445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.37.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296346/; classtype:trojan-activity;sid:84159446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.108.90.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296344/; classtype:trojan-activity;sid:84159444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296343)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.69.41.65"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296343/; classtype:trojan-activity;sid:84159443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.44.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296342/; classtype:trojan-activity;sid:84159442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.113.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296341/; classtype:trojan-activity;sid:84159441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.45.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296340/; classtype:trojan-activity;sid:84159440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.38.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296339/; classtype:trojan-activity;sid:84159439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.33.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296338/; classtype:trojan-activity;sid:84159438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296337)"; flow:established,from_client; content:"GET"; http_method; content:"/order-00908.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ssa-account.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296337/; classtype:trojan-activity;sid:84159437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.220.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296335/; classtype:trojan-activity;sid:84159435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296336)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"213.199.41.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296336/; classtype:trojan-activity;sid:84159436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296333)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.sparc"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"213.199.41.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296333/; classtype:trojan-activity;sid:84159433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296334)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mips64"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"213.199.41.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296334/; classtype:trojan-activity;sid:84159434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.229.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296332/; classtype:trojan-activity;sid:84159432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.145.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296331/; classtype:trojan-activity;sid:84159431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.70.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296330/; classtype:trojan-activity;sid:84159430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.22.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296329/; classtype:trojan-activity;sid:84159429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.100.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296328/; classtype:trojan-activity;sid:84159428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296327)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"efr.strategies.mvpstrat.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296327/; classtype:trojan-activity;sid:84159427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.58.188.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296326/; classtype:trojan-activity;sid:84159426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.34.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296325/; classtype:trojan-activity;sid:84159425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.3.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296323/; classtype:trojan-activity;sid:84159423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296324/; classtype:trojan-activity;sid:84159424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.213.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296322/; classtype:trojan-activity;sid:84159422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.62.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296321/; classtype:trojan-activity;sid:84159421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.145.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296320/; classtype:trojan-activity;sid:84159420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.208.156.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296319/; classtype:trojan-activity;sid:84159419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.248.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296318/; classtype:trojan-activity;sid:84159418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.229.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296317/; classtype:trojan-activity;sid:84159417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.58.188.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296316/; classtype:trojan-activity;sid:84159416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.203.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296315/; classtype:trojan-activity;sid:84159415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.50.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296314/; classtype:trojan-activity;sid:84159414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.240.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296313/; classtype:trojan-activity;sid:84159413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.225.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296312/; classtype:trojan-activity;sid:84159412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.91.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296311/; classtype:trojan-activity;sid:84159411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.175.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296310/; classtype:trojan-activity;sid:84159410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296309/; classtype:trojan-activity;sid:84159409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.155.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296308/; classtype:trojan-activity;sid:84159408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.241.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296307/; classtype:trojan-activity;sid:84159407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.7.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296305/; classtype:trojan-activity;sid:84159405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.149.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296304/; classtype:trojan-activity;sid:84159404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.50.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296303/; classtype:trojan-activity;sid:84159403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.230.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296302/; classtype:trojan-activity;sid:84159402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.214.186.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296301/; classtype:trojan-activity;sid:84159401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.72.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296300/; classtype:trojan-activity;sid:84159400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.91.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296299/; classtype:trojan-activity;sid:84159399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296297)"; flow:established,from_client; content:"GET"; http_method; content:"/man%20-%20copy.bat"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"louise-monitors-mo-rating.trycloudflare.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296297/; classtype:trojan-activity;sid:84159397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296298)"; flow:established,from_client; content:"GET"; http_method; content:"/mainbas.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"louise-monitors-mo-rating.trycloudflare.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296298/; classtype:trojan-activity;sid:84159398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.14.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296296/; classtype:trojan-activity;sid:84159396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.183.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296295/; classtype:trojan-activity;sid:84159395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.62.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296294/; classtype:trojan-activity;sid:84159394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.175.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296293/; classtype:trojan-activity;sid:84159393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.224.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296292/; classtype:trojan-activity;sid:84159392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.53.98.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296291/; classtype:trojan-activity;sid:84159391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.72.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296290/; classtype:trojan-activity;sid:84159390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.19.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296289/; classtype:trojan-activity;sid:84159389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296287/; classtype:trojan-activity;sid:84159387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.239.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296288/; classtype:trojan-activity;sid:84159388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296286/; classtype:trojan-activity;sid:84159386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.123.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296284/; classtype:trojan-activity;sid:84159384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.166.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296285/; classtype:trojan-activity;sid:84159385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.235.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296283/; classtype:trojan-activity;sid:84159383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.216.30.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296282/; classtype:trojan-activity;sid:84159382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.33.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296281/; classtype:trojan-activity;sid:84159381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.224.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296280/; classtype:trojan-activity;sid:84159380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.72.19.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296279/; classtype:trojan-activity;sid:84159379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.53.98.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296278/; classtype:trojan-activity;sid:84159378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.228.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296277/; classtype:trojan-activity;sid:84159377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.111.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296276/; classtype:trojan-activity;sid:84159376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.164.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296274/; classtype:trojan-activity;sid:84159374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.218.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296275/; classtype:trojan-activity;sid:84159375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.5.83"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296273/; classtype:trojan-activity;sid:84159373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.250.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296272/; classtype:trojan-activity;sid:84159372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296271)"; flow:established,from_client; content:"GET"; http_method; content:"/files/documents/tools/getadapterinfo.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"huayusoft.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296271/; classtype:trojan-activity;sid:84159371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296270)"; flow:established,from_client; content:"GET"; http_method; content:"/blecher.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"109.120.139.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296270/; classtype:trojan-activity;sid:84159370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.137.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296269/; classtype:trojan-activity;sid:84159369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.216.30.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296268/; classtype:trojan-activity;sid:84159368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296267/; classtype:trojan-activity;sid:84159367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.23.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296264/; classtype:trojan-activity;sid:84159364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.13.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296265/; classtype:trojan-activity;sid:84159365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.150.120.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296266/; classtype:trojan-activity;sid:84159366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.109.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296263/; classtype:trojan-activity;sid:84159363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296262/; classtype:trojan-activity;sid:84159362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.33.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296261/; classtype:trojan-activity;sid:84159361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.227.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296260/; classtype:trojan-activity;sid:84159360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.24.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296257/; classtype:trojan-activity;sid:84159357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.103.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296258/; classtype:trojan-activity;sid:84159358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.248.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296259/; classtype:trojan-activity;sid:84159359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296256/; classtype:trojan-activity;sid:84159356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.230.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296255/; classtype:trojan-activity;sid:84159355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.230.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296254/; classtype:trojan-activity;sid:84159354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296253)"; flow:established,from_client; content:"GET"; http_method; content:"/hbsa6402673928901533/hbsa6402673928901533.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"fit-retired-athletics-marathon.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296253/; classtype:trojan-activity;sid:84159353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296248)"; flow:established,from_client; content:"GET"; http_method; content:"/receipt580328018732jksra/receipt580328018732jksra.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"fit-retired-athletics-marathon.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296248/; classtype:trojan-activity;sid:84159348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296249)"; flow:established,from_client; content:"GET"; http_method; content:"/tvbsa830932sdav430/tvbsa830932sdav430.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"fit-retired-athletics-marathon.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296249/; classtype:trojan-activity;sid:84159349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296250)"; flow:established,from_client; content:"GET"; http_method; content:"/bnew.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"native-shipments-forty-polar.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296250/; classtype:trojan-activity;sid:84159350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296251)"; flow:established,from_client; content:"GET"; http_method; content:"/bvsrus74903gbsaybnsaer/bvsrus74903gbsaybnsaer.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"fit-retired-athletics-marathon.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296251/; classtype:trojan-activity;sid:84159351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296252)"; flow:established,from_client; content:"GET"; http_method; content:"/urvsa8302msanvbakda09/urvsa8302msanvbakda09_pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"fit-retired-athletics-marathon.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296252/; classtype:trojan-activity;sid:84159352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296247)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.113.128.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296247/; classtype:trojan-activity;sid:84159347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.96.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296246/; classtype:trojan-activity;sid:84159346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.6.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296244/; classtype:trojan-activity;sid:84159344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.206.166.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296245/; classtype:trojan-activity;sid:84159345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296243/; classtype:trojan-activity;sid:84159343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.174.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296242/; classtype:trojan-activity;sid:84159342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.120.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296241/; classtype:trojan-activity;sid:84159341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.93.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296240/; classtype:trojan-activity;sid:84159340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.90.3.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296239/; classtype:trojan-activity;sid:84159339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.104.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296238/; classtype:trojan-activity;sid:84159338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.159.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296235/; classtype:trojan-activity;sid:84159335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.34.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296236/; classtype:trojan-activity;sid:84159336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.120.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296237/; classtype:trojan-activity;sid:84159337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296234)"; flow:established,from_client; content:"GET"; http_method; content:"/~azeredo/teste/toolkit.ez-activator.2.1.2/office%202010%20toolkit.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"mtm.ufsc.br"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296234/; classtype:trojan-activity;sid:84159334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296233)"; flow:established,from_client; content:"GET"; http_method; content:"/10afebdbffcd4742c81a3cb0f6ce4092156b4375/system/ps1_to_exe_(installer).exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"files1.majorgeeks.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296233/; classtype:trojan-activity;sid:84159333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.131.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296232/; classtype:trojan-activity;sid:84159332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296231)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.24.146.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296231/; classtype:trojan-activity;sid:84159331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296227)"; flow:established,from_client; content:"GET"; http_method; content:"/ahedm.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"native-shipments-forty-polar.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296227/; classtype:trojan-activity;sid:84159327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296228)"; flow:established,from_client; content:"GET"; http_method; content:"/ftsp.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"native-shipments-forty-polar.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296228/; classtype:trojan-activity;sid:84159328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296229)"; flow:established,from_client; content:"GET"; http_method; content:"/dhedm.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"native-shipments-forty-polar.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296229/; classtype:trojan-activity;sid:84159329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296226)"; flow:established,from_client; content:"GET"; http_method; content:"/startuppp.bat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"native-shipments-forty-polar.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296226/; classtype:trojan-activity;sid:84159326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296225)"; flow:established,from_client; content:"GET"; http_method; content:"/urvsa8302msanvbakda09/urvsa8302msanvbakda09_pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"previews-belgium-achieved-driving.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296225/; classtype:trojan-activity;sid:84159325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296224)"; flow:established,from_client; content:"GET"; http_method; content:"/bvsrus74903gbsaybnsaer/bvsrus74903gbsaybnsaer.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"previews-belgium-achieved-driving.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296224/; classtype:trojan-activity;sid:84159324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296221)"; flow:established,from_client; content:"GET"; http_method; content:"/receipt580328018732jksra/receipt580328018732jksra.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"previews-belgium-achieved-driving.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296221/; classtype:trojan-activity;sid:84159321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296222)"; flow:established,from_client; content:"GET"; http_method; content:"/rechaung/57966470_14200_20240604_pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"native-shipments-forty-polar.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296222/; classtype:trojan-activity;sid:84159322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296223)"; flow:established,from_client; content:"GET"; http_method; content:"/tvbsa830932sdav430/tvbsa830932sdav430.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"previews-belgium-achieved-driving.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296223/; classtype:trojan-activity;sid:84159323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.54.77"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296219/; classtype:trojan-activity;sid:84159319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296220)"; flow:established,from_client; content:"GET"; http_method; content:"/hbsa6402673928901533/hbsa6402673928901533.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"previews-belgium-achieved-driving.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296220/; classtype:trojan-activity;sid:84159320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296218)"; flow:established,from_client; content:"GET"; http_method; content:"/csc.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"native-shipments-forty-polar.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296218/; classtype:trojan-activity;sid:84159318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.174.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296217/; classtype:trojan-activity;sid:84159317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.177.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296216/; classtype:trojan-activity;sid:84159316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.66.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296215/; classtype:trojan-activity;sid:84159315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.5.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296214/; classtype:trojan-activity;sid:84159314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.230.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296213/; classtype:trojan-activity;sid:84159313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296212)"; flow:established,from_client; content:"GET"; http_method; content:"/treportsz30/treportsz30setup.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"treports.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296212/; classtype:trojan-activity;sid:84159312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296211)"; flow:established,from_client; content:"GET"; http_method; content:"/client/pc/ireader-pc-win10.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"61.154.0.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296211/; classtype:trojan-activity;sid:84159311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296210)"; flow:established,from_client; content:"GET"; http_method; content:"/propask/cheat1/releases/download/cheat/123.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296210/; classtype:trojan-activity;sid:84159310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296207)"; flow:established,from_client; content:"GET"; http_method; content:"/pdd_biaoge/soft/down.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"49.232.174.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296207/; classtype:trojan-activity;sid:84159307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296208)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%96%b0%e7%82%b9%e7%94%b5%e5%ad%90%e4%ba%a4%e6%98%93%e6%a1%86%e6%9e%b6%e6%94%af%e6%92%91%e6%9c%8d%e5%8a%a1/pdfimages.exe"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"180.117.160.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296208/; classtype:trojan-activity;sid:84159308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296209)"; flow:established,from_client; content:"GET"; http_method; content:"/crm/exe/update.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.zhikey.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296209/; classtype:trojan-activity;sid:84159309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296205)"; flow:established,from_client; content:"GET"; http_method; content:"/tsp/d3d10.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"88.209.197.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296205/; classtype:trojan-activity;sid:84159305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296206)"; flow:established,from_client; content:"GET"; http_method; content:"/setups/1/jtupdate.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mipl.info"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296206/; classtype:trojan-activity;sid:84159306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296203)"; flow:established,from_client; content:"GET"; http_method; content:"/kituri/adobe%20acrobat%20xi%20pro%2011.0.16%20multilingual%20+%20crack%20[sadeempc]/crack/amt%20emulator%200.8%20by%20painter/amtemu.v0.8-painter.exe"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"161.97.88.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296203/; classtype:trojan-activity;sid:84159303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296204)"; flow:established,from_client; content:"GET"; http_method; content:"/movavi%20video%20editor%20plus%202021%20v21.4.0%20x64/crack/bb2018.dll"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"bgyeger.r6.hu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296204/; classtype:trojan-activity;sid:84159304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296202)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"38.207.132.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296202/; classtype:trojan-activity;sid:84159302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296201)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.207.132.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296201/; classtype:trojan-activity;sid:84159301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.131.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296200/; classtype:trojan-activity;sid:84159300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.90.3.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296199/; classtype:trojan-activity;sid:84159299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.150.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296198/; classtype:trojan-activity;sid:84159298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.54.77"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296197/; classtype:trojan-activity;sid:84159297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.89.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296196/; classtype:trojan-activity;sid:84159296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.197.26.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296195/; classtype:trojan-activity;sid:84159295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.127.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296194/; classtype:trojan-activity;sid:84159294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.46.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296193/; classtype:trojan-activity;sid:84159293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.122.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296192/; classtype:trojan-activity;sid:84159292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.74.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296191/; classtype:trojan-activity;sid:84159291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.100.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296190/; classtype:trojan-activity;sid:84159290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.177.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296189/; classtype:trojan-activity;sid:84159289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.243.133.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296188/; classtype:trojan-activity;sid:84159288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296187/; classtype:trojan-activity;sid:84159287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.199.109.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296186/; classtype:trojan-activity;sid:84159286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296185/; classtype:trojan-activity;sid:84159285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.203.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296184/; classtype:trojan-activity;sid:84159284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.226.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296183/; classtype:trojan-activity;sid:84159283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.70.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296182/; classtype:trojan-activity;sid:84159282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.14.57.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296180/; classtype:trojan-activity;sid:84159280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.87.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296181/; classtype:trojan-activity;sid:84159281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.183.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296179/; classtype:trojan-activity;sid:84159279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.14.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296177/; classtype:trojan-activity;sid:84159277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.89.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296178/; classtype:trojan-activity;sid:84159278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.201.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296176/; classtype:trojan-activity;sid:84159276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296175/; classtype:trojan-activity;sid:84159275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.14.57.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296174/; classtype:trojan-activity;sid:84159274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.138.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296173/; classtype:trojan-activity;sid:84159273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.100.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296172/; classtype:trojan-activity;sid:84159272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.243.133.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296171/; classtype:trojan-activity;sid:84159271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296170)"; flow:established,from_client; content:"GET"; http_method; content:"/build.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bhcc.com.sa"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296170/; classtype:trojan-activity;sid:84159270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.3.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296169/; classtype:trojan-activity;sid:84159269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296168/; classtype:trojan-activity;sid:84159268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.220.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296167/; classtype:trojan-activity;sid:84159267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.172.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296165/; classtype:trojan-activity;sid:84159265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.214.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296166/; classtype:trojan-activity;sid:84159266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.70.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296164/; classtype:trojan-activity;sid:84159264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.85.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296163/; classtype:trojan-activity;sid:84159263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.16.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296162/; classtype:trojan-activity;sid:84159262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.182.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296161/; classtype:trojan-activity;sid:84159261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296160)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.63.246.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296160/; classtype:trojan-activity;sid:84159260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.97.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296159/; classtype:trojan-activity;sid:84159259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296158)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b7%85%e3%82%bd%e5%b3%b0[%e9%95%bf%e4%b9%85]3.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"www.333zz.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296158/; classtype:trojan-activity;sid:84159258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296157)"; flow:established,from_client; content:"GET"; http_method; content:"/d78be06952a942aeaaddf90bec673982:prerequisites/vc_redist.x64.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"sin1.contabostorage.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296157/; classtype:trojan-activity;sid:84159257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.9.101"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296156/; classtype:trojan-activity;sid:84159256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.163.81.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296155/; classtype:trojan-activity;sid:84159255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296154/; classtype:trojan-activity;sid:84159254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.78.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296153/; classtype:trojan-activity;sid:84159253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.105.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296152/; classtype:trojan-activity;sid:84159252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.87.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296151/; classtype:trojan-activity;sid:84159251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.54.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296150/; classtype:trojan-activity;sid:84159250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.226.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296149/; classtype:trojan-activity;sid:84159249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.33.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296148/; classtype:trojan-activity;sid:84159248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296147)"; flow:established,from_client; content:"GET"; http_method; content:"/xj/%e6%97%b6%e6%97%b6%e5%bd%a9%20v6.7.2%20%208-21.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"xj.55555com.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296147/; classtype:trojan-activity;sid:84159247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296146)"; flow:established,from_client; content:"GET"; http_method; content:"/fastad4.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mintfiles.s3.amazonaws.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296146/; classtype:trojan-activity;sid:84159246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.53.54.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296145/; classtype:trojan-activity;sid:84159245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.54.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296144/; classtype:trojan-activity;sid:84159244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.46.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296143/; classtype:trojan-activity;sid:84159243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.149.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296142/; classtype:trojan-activity;sid:84159242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.15.23"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296141/; classtype:trojan-activity;sid:84159241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.33.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296140/; classtype:trojan-activity;sid:84159240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.141.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296139/; classtype:trojan-activity;sid:84159239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.45.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296137/; classtype:trojan-activity;sid:84159237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.88.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296138/; classtype:trojan-activity;sid:84159238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296136/; classtype:trojan-activity;sid:84159236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.210.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296135/; classtype:trojan-activity;sid:84159235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.191.178.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296134/; classtype:trojan-activity;sid:84159234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.53.54.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296133/; classtype:trojan-activity;sid:84159233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.99.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296132/; classtype:trojan-activity;sid:84159232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.15.23"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296131/; classtype:trojan-activity;sid:84159231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.21.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296130/; classtype:trojan-activity;sid:84159230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.87.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296129/; classtype:trojan-activity;sid:84159229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.46.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296128/; classtype:trojan-activity;sid:84159228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296127/; classtype:trojan-activity;sid:84159227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.88.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296126/; classtype:trojan-activity;sid:84159226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.19.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296125/; classtype:trojan-activity;sid:84159225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.109.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296124/; classtype:trojan-activity;sid:84159224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.230.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296123/; classtype:trojan-activity;sid:84159223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.19.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296122/; classtype:trojan-activity;sid:84159222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.104.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296121/; classtype:trojan-activity;sid:84159221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.89.252.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296120/; classtype:trojan-activity;sid:84159220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.70.181.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296119/; classtype:trojan-activity;sid:84159219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.104.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296118/; classtype:trojan-activity;sid:84159218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.61.114.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296117/; classtype:trojan-activity;sid:84159217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.169.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296115/; classtype:trojan-activity;sid:84159215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.52.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296116/; classtype:trojan-activity;sid:84159216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.239.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296113/; classtype:trojan-activity;sid:84159213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296114/; classtype:trojan-activity;sid:84159214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.102.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296112/; classtype:trojan-activity;sid:84159212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.121.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296111/; classtype:trojan-activity;sid:84159211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.59.114.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296110/; classtype:trojan-activity;sid:84159210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.86.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296109/; classtype:trojan-activity;sid:84159209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296108/; classtype:trojan-activity;sid:84159208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296107)"; flow:established,from_client; content:"GET"; http_method; content:"/carlos_121/sos/downloads/envio_copia_de_la_notificacion_electronica_demanda.tar.bin.tar.001"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296107/; classtype:trojan-activity;sid:84159207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.177.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296106/; classtype:trojan-activity;sid:84159206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.168.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296105/; classtype:trojan-activity;sid:84159205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296104)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.181.187.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296104/; classtype:trojan-activity;sid:84159204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.90.3.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296103/; classtype:trojan-activity;sid:84159203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296102/; classtype:trojan-activity;sid:84159202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.206.166.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296101/; classtype:trojan-activity;sid:84159201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.200.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296100/; classtype:trojan-activity;sid:84159200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.143.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296099/; classtype:trojan-activity;sid:84159199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296098)"; flow:established,from_client; content:"GET"; http_method; content:"/vkjqpc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296098/; classtype:trojan-activity;sid:84159198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296096)"; flow:established,from_client; content:"GET"; http_method; content:"/wnbw86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296096/; classtype:trojan-activity;sid:84159196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296097)"; flow:established,from_client; content:"GET"; http_method; content:"/jwwofba5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296097/; classtype:trojan-activity;sid:84159197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296095)"; flow:established,from_client; content:"GET"; http_method; content:"/wheiuwa4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296095/; classtype:trojan-activity;sid:84159195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296089)"; flow:established,from_client; content:"GET"; http_method; content:"/kjsusa6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296089/; classtype:trojan-activity;sid:84159189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296090)"; flow:established,from_client; content:"GET"; http_method; content:"/vsbeps"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296090/; classtype:trojan-activity;sid:84159190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296091)"; flow:established,from_client; content:"GET"; http_method; content:"/vqsjh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296091/; classtype:trojan-activity;sid:84159191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296092)"; flow:established,from_client; content:"GET"; http_method; content:"/dvwkja7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296092/; classtype:trojan-activity;sid:84159192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296093)"; flow:established,from_client; content:"GET"; http_method; content:"/wriww68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296093/; classtype:trojan-activity;sid:84159193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296094)"; flow:established,from_client; content:"GET"; http_method; content:"/qkehusl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296094/; classtype:trojan-activity;sid:84159194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296085)"; flow:established,from_client; content:"GET"; http_method; content:"/kjsusa6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.216.17.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296085/; classtype:trojan-activity;sid:84159185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296086)"; flow:established,from_client; content:"GET"; http_method; content:"/vsbeps"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.216.17.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296086/; classtype:trojan-activity;sid:84159186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296087)"; flow:established,from_client; content:"GET"; http_method; content:"/vkjqpc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.216.17.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296087/; classtype:trojan-activity;sid:84159187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296088)"; flow:established,from_client; content:"GET"; http_method; content:"/wheiuwa4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.216.17.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296088/; classtype:trojan-activity;sid:84159188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296078)"; flow:established,from_client; content:"GET"; http_method; content:"/dvwkja7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.216.17.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296078/; classtype:trojan-activity;sid:84159178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296079)"; flow:established,from_client; content:"GET"; http_method; content:"/wnbw86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.216.17.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296079/; classtype:trojan-activity;sid:84159179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.105.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296080/; classtype:trojan-activity;sid:84159180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296081)"; flow:established,from_client; content:"GET"; http_method; content:"/vqsjh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.216.17.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296081/; classtype:trojan-activity;sid:84159181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296082)"; flow:established,from_client; content:"GET"; http_method; content:"/jwwofba5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.216.17.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296082/; classtype:trojan-activity;sid:84159182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296083)"; flow:established,from_client; content:"GET"; http_method; content:"/qkehusl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.216.17.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296083/; classtype:trojan-activity;sid:84159183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296084)"; flow:established,from_client; content:"GET"; http_method; content:"/wriww68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.216.17.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296084/; classtype:trojan-activity;sid:84159184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.36.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296077/; classtype:trojan-activity;sid:84159177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.99.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296076/; classtype:trojan-activity;sid:84159176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.102.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296075/; classtype:trojan-activity;sid:84159175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.71.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296074/; classtype:trojan-activity;sid:84159174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.121.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296073/; classtype:trojan-activity;sid:84159173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.10.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296072/; classtype:trojan-activity;sid:84159172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296071)"; flow:established,from_client; content:"GET"; http_method; content:"/files/mixeleven.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296071/; classtype:trojan-activity;sid:84159171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.73.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296070/; classtype:trojan-activity;sid:84159170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.157.144.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296069/; classtype:trojan-activity;sid:84159169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.43.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296068/; classtype:trojan-activity;sid:84159168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.101.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296066/; classtype:trojan-activity;sid:84159166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.32.123"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296067/; classtype:trojan-activity;sid:84159167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.225.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296065/; classtype:trojan-activity;sid:84159165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296064)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/s/e|3f|rlkey=vlr9zditnsugtc2yh5yr7p84m"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"fc8g7ejc3m.dl.dropboxusercontent.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296064/; classtype:trojan-activity;sid:84159164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.89.61.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296063/; classtype:trojan-activity;sid:84159163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.88.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296062/; classtype:trojan-activity;sid:84159162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.240.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296061/; classtype:trojan-activity;sid:84159161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.134.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296060/; classtype:trojan-activity;sid:84159160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296059/; classtype:trojan-activity;sid:84159159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.96.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296056/; classtype:trojan-activity;sid:84159156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.126.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296057/; classtype:trojan-activity;sid:84159157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.243.181.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296058/; classtype:trojan-activity;sid:84159158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.102.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296055/; classtype:trojan-activity;sid:84159155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296053)"; flow:established,from_client; content:"GET"; http_method; content:"/dll/dll008.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296053/; classtype:trojan-activity;sid:84159153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296054)"; flow:established,from_client; content:"GET"; http_method; content:"/sh/sh007.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296054/; classtype:trojan-activity;sid:84159154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296052)"; flow:established,from_client; content:"GET"; http_method; content:"/ps1/ps1002.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296052/; classtype:trojan-activity;sid:84159152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296047)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/exe010.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296047/; classtype:trojan-activity;sid:84159147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296048)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/exe005.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296048/; classtype:trojan-activity;sid:84159148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296049)"; flow:established,from_client; content:"GET"; http_method; content:"/ps1/ps1003.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296049/; classtype:trojan-activity;sid:84159149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296050)"; flow:established,from_client; content:"GET"; http_method; content:"/dll/dll004.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296050/; classtype:trojan-activity;sid:84159150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296051)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/exe004.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296051/; classtype:trojan-activity;sid:84159151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296015)"; flow:established,from_client; content:"GET"; http_method; content:"/dll/dll007.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296015/; classtype:trojan-activity;sid:84159115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296016)"; flow:established,from_client; content:"GET"; http_method; content:"/ps1/ps1005.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296016/; classtype:trojan-activity;sid:84159116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296017)"; flow:established,from_client; content:"GET"; http_method; content:"/dll/dll005.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296017/; classtype:trojan-activity;sid:84159117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296018)"; flow:established,from_client; content:"GET"; http_method; content:"/sh/sh008.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296018/; classtype:trojan-activity;sid:84159118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296019)"; flow:established,from_client; content:"GET"; http_method; content:"/dll/dll003.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296019/; classtype:trojan-activity;sid:84159119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296020)"; flow:established,from_client; content:"GET"; http_method; content:"/sh/sh010.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296020/; classtype:trojan-activity;sid:84159120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296021)"; flow:established,from_client; content:"GET"; http_method; content:"/dll/dll006.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296021/; classtype:trojan-activity;sid:84159121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296022)"; flow:established,from_client; content:"GET"; http_method; content:"/dll/dll002.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296022/; classtype:trojan-activity;sid:84159122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296023)"; flow:established,from_client; content:"GET"; http_method; content:"/dll/dll010.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296023/; classtype:trojan-activity;sid:84159123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296024)"; flow:established,from_client; content:"GET"; http_method; content:"/dll/dll001.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296024/; classtype:trojan-activity;sid:84159124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296025)"; flow:established,from_client; content:"GET"; http_method; content:"/ps1/ps1006.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296025/; classtype:trojan-activity;sid:84159125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296026)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/exe002.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296026/; classtype:trojan-activity;sid:84159126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296027)"; flow:established,from_client; content:"GET"; http_method; content:"/sh/sh004.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296027/; classtype:trojan-activity;sid:84159127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296028)"; flow:established,from_client; content:"GET"; http_method; content:"/ps1/ps1010.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296028/; classtype:trojan-activity;sid:84159128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296029)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/exe006.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296029/; classtype:trojan-activity;sid:84159129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296030)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/exe008.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296030/; classtype:trojan-activity;sid:84159130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296031)"; flow:established,from_client; content:"GET"; http_method; content:"/ps1/ps1009.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296031/; classtype:trojan-activity;sid:84159131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296032)"; flow:established,from_client; content:"GET"; http_method; content:"/sh/sh002.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296032/; classtype:trojan-activity;sid:84159132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296033)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/exe009.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296033/; classtype:trojan-activity;sid:84159133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296034)"; flow:established,from_client; content:"GET"; http_method; content:"/sh/sh003.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296034/; classtype:trojan-activity;sid:84159134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296035)"; flow:established,from_client; content:"GET"; http_method; content:"/ps1/ps1008.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296035/; classtype:trojan-activity;sid:84159135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296036)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/exe003.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296036/; classtype:trojan-activity;sid:84159136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296037)"; flow:established,from_client; content:"GET"; http_method; content:"/sh/sh006.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296037/; classtype:trojan-activity;sid:84159137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296038)"; flow:established,from_client; content:"GET"; http_method; content:"/dll/dll009.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296038/; classtype:trojan-activity;sid:84159138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296039)"; flow:established,from_client; content:"GET"; http_method; content:"/sh/sh001.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296039/; classtype:trojan-activity;sid:84159139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296040)"; flow:established,from_client; content:"GET"; http_method; content:"/sh/sh005.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296040/; classtype:trojan-activity;sid:84159140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296041)"; flow:established,from_client; content:"GET"; http_method; content:"/sh/sh009.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296041/; classtype:trojan-activity;sid:84159141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296042)"; flow:established,from_client; content:"GET"; http_method; content:"/ps1/ps1007.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296042/; classtype:trojan-activity;sid:84159142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296043)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/exe001.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296043/; classtype:trojan-activity;sid:84159143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296044)"; flow:established,from_client; content:"GET"; http_method; content:"/txt/xkl0pnd8zfpjfh1.wiz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.84.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296044/; classtype:trojan-activity;sid:84159144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296045)"; flow:established,from_client; content:"GET"; http_method; content:"/ps1/ps1004.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296045/; classtype:trojan-activity;sid:84159145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296046)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/exe007.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296046/; classtype:trojan-activity;sid:84159146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.46.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296014/; classtype:trojan-activity;sid:84159114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296013)"; flow:established,from_client; content:"GET"; http_method; content:"/ps1/ps1001.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.90.142.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296013/; classtype:trojan-activity;sid:84159113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.218.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296012/; classtype:trojan-activity;sid:84159112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.184.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296011/; classtype:trojan-activity;sid:84159111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296006)"; flow:established,from_client; content:"GET"; http_method; content:"/trashss/jpmfwq.wav"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"inspirecollege.co.uk"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296006/; classtype:trojan-activity;sid:84159106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296007)"; flow:established,from_client; content:"GET"; http_method; content:"/trashss/fwympkg.wav"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"inspirecollege.co.uk"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296007/; classtype:trojan-activity;sid:84159107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296008)"; flow:established,from_client; content:"GET"; http_method; content:"/trashss/kslmdnldhtq.dat"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"inspirecollege.co.uk"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296008/; classtype:trojan-activity;sid:84159108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296009)"; flow:established,from_client; content:"GET"; http_method; content:"/trashss/pgyehm.dat"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"inspirecollege.co.uk"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296009/; classtype:trojan-activity;sid:84159109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296010)"; flow:established,from_client; content:"GET"; http_method; content:"/trashss/ujegysfu.dat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"inspirecollege.co.uk"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296010/; classtype:trojan-activity;sid:84159110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.59.152.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296005/; classtype:trojan-activity;sid:84159105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.59.114.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296004/; classtype:trojan-activity;sid:84159104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.183.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296003/; classtype:trojan-activity;sid:84159103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.71.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296002/; classtype:trojan-activity;sid:84159102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.247.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296001/; classtype:trojan-activity;sid:84159101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.157.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296000/; classtype:trojan-activity;sid:84159100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.134.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295999/; classtype:trojan-activity;sid:84159099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.89.61.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295998/; classtype:trojan-activity;sid:84159098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.176.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295997/; classtype:trojan-activity;sid:84159097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.224.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295996/; classtype:trojan-activity;sid:84159096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.214.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295995/; classtype:trojan-activity;sid:84159095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.127.233.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295994/; classtype:trojan-activity;sid:84159094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.56.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295993/; classtype:trojan-activity;sid:84159093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.74.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295992/; classtype:trojan-activity;sid:84159092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.149.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295991/; classtype:trojan-activity;sid:84159091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.200.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295990/; classtype:trojan-activity;sid:84159090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.71.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295989/; classtype:trojan-activity;sid:84159089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.121.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295988/; classtype:trojan-activity;sid:84159088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.224.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295987/; classtype:trojan-activity;sid:84159087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.149.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295986/; classtype:trojan-activity;sid:84159086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.66.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295984/; classtype:trojan-activity;sid:84159084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.181.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295985/; classtype:trojan-activity;sid:84159085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.149.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295983/; classtype:trojan-activity;sid:84159083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.135.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295982/; classtype:trojan-activity;sid:84159082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.204.235.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295981/; classtype:trojan-activity;sid:84159081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.155.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295980/; classtype:trojan-activity;sid:84159080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.240.196.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295979/; classtype:trojan-activity;sid:84159079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.212.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295978/; classtype:trojan-activity;sid:84159078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295977/; classtype:trojan-activity;sid:84159077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.198.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295976/; classtype:trojan-activity;sid:84159076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.200.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295975/; classtype:trojan-activity;sid:84159075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.102.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295974/; classtype:trojan-activity;sid:84159074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295973/; classtype:trojan-activity;sid:84159073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.130.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295972/; classtype:trojan-activity;sid:84159072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.139.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295971/; classtype:trojan-activity;sid:84159071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.70.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295970/; classtype:trojan-activity;sid:84159070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.249.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295969/; classtype:trojan-activity;sid:84159069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.230.60.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295968/; classtype:trojan-activity;sid:84159068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.8.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295967/; classtype:trojan-activity;sid:84159067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295966)"; flow:established,from_client; content:"GET"; http_method; content:"/iwir64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.216.17.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295966/; classtype:trojan-activity;sid:84159066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295965/; classtype:trojan-activity;sid:84159065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.28.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295964/; classtype:trojan-activity;sid:84159064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.227.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295963/; classtype:trojan-activity;sid:84159063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.196.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295962/; classtype:trojan-activity;sid:84159062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295961)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.26.51.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295961/; classtype:trojan-activity;sid:84159061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"63.47.120.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295960/; classtype:trojan-activity;sid:84159060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.234.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295959/; classtype:trojan-activity;sid:84159059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295958/; classtype:trojan-activity;sid:84159058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.21.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295957/; classtype:trojan-activity;sid:84159057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295955/; classtype:trojan-activity;sid:84159055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.228.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295956/; classtype:trojan-activity;sid:84159056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.230.60.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295954/; classtype:trojan-activity;sid:84159054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.150.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295953/; classtype:trojan-activity;sid:84159053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.8.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295952/; classtype:trojan-activity;sid:84159052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.227.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295950/; classtype:trojan-activity;sid:84159050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.47.120.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295951/; classtype:trojan-activity;sid:84159051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.38.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295949/; classtype:trojan-activity;sid:84159049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.230.60.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295948/; classtype:trojan-activity;sid:84159048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.245.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295947/; classtype:trojan-activity;sid:84159047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.243.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295946/; classtype:trojan-activity;sid:84159046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.131.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295945/; classtype:trojan-activity;sid:84159045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.210.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295944/; classtype:trojan-activity;sid:84159044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.204.235.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295943/; classtype:trojan-activity;sid:84159043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.48.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295942/; classtype:trojan-activity;sid:84159042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.152.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295941/; classtype:trojan-activity;sid:84159041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.121.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295940/; classtype:trojan-activity;sid:84159040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.176.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295939/; classtype:trojan-activity;sid:84159039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.187.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295938/; classtype:trojan-activity;sid:84159038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.234.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295937/; classtype:trojan-activity;sid:84159037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.150.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295936/; classtype:trojan-activity;sid:84159036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.59.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295935/; classtype:trojan-activity;sid:84159035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.38.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295934/; classtype:trojan-activity;sid:84159034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.210.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295933/; classtype:trojan-activity;sid:84159033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.243.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295932/; classtype:trojan-activity;sid:84159032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.131.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295931/; classtype:trojan-activity;sid:84159031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.48.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295930/; classtype:trojan-activity;sid:84159030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.192.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295929/; classtype:trojan-activity;sid:84159029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.84.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295927/; classtype:trojan-activity;sid:84159027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295928/; classtype:trojan-activity;sid:84159028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.234.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295925/; classtype:trojan-activity;sid:84159025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.157.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295926/; classtype:trojan-activity;sid:84159026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.187.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295924/; classtype:trojan-activity;sid:84159024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.90.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295923/; classtype:trojan-activity;sid:84159023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.207.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295922/; classtype:trojan-activity;sid:84159022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.90.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295921/; classtype:trojan-activity;sid:84159021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.121.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295919/; classtype:trojan-activity;sid:84159019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.177.200.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295920/; classtype:trojan-activity;sid:84159020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.198.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295918/; classtype:trojan-activity;sid:84159018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.104.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295917/; classtype:trojan-activity;sid:84159017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.63.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295916/; classtype:trojan-activity;sid:84159016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.214.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295915/; classtype:trojan-activity;sid:84159015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.84.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295914/; classtype:trojan-activity;sid:84159014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.239.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295913/; classtype:trojan-activity;sid:84159013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.180.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295912/; classtype:trojan-activity;sid:84159012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.87.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295910/; classtype:trojan-activity;sid:84159010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.36.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295911/; classtype:trojan-activity;sid:84159011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.206.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295909/; classtype:trojan-activity;sid:84159009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.75.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295907/; classtype:trojan-activity;sid:84159007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.136.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295908/; classtype:trojan-activity;sid:84159008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.228.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295906/; classtype:trojan-activity;sid:84159006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.18.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295905/; classtype:trojan-activity;sid:84159005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.123.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295904/; classtype:trojan-activity;sid:84159004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.81.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295903/; classtype:trojan-activity;sid:84159003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.207.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295902/; classtype:trojan-activity;sid:84159002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.33.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295901/; classtype:trojan-activity;sid:84159001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.14.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295900/; classtype:trojan-activity;sid:84159000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.213.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295899/; classtype:trojan-activity;sid:84158999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.78.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295896/; classtype:trojan-activity;sid:84158996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.51.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295897/; classtype:trojan-activity;sid:84158997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.36.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295898/; classtype:trojan-activity;sid:84158998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.207.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295895/; classtype:trojan-activity;sid:84158995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.239.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295892/; classtype:trojan-activity;sid:84158992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.157.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295893/; classtype:trojan-activity;sid:84158993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.21.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295894/; classtype:trojan-activity;sid:84158994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295891/; classtype:trojan-activity;sid:84158991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.180.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295890/; classtype:trojan-activity;sid:84158990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.1.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295889/; classtype:trojan-activity;sid:84158989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.87.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295888/; classtype:trojan-activity;sid:84158988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.143.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295887/; classtype:trojan-activity;sid:84158987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.111.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295885/; classtype:trojan-activity;sid:84158985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.52.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295886/; classtype:trojan-activity;sid:84158986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.18.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295884/; classtype:trojan-activity;sid:84158984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.228.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295883/; classtype:trojan-activity;sid:84158983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.198.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295881/; classtype:trojan-activity;sid:84158981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.22.123.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295882/; classtype:trojan-activity;sid:84158982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.33.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295880/; classtype:trojan-activity;sid:84158980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.87.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295879/; classtype:trojan-activity;sid:84158979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.78.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295876/; classtype:trojan-activity;sid:84158976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.63.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295877/; classtype:trojan-activity;sid:84158977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.213.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295878/; classtype:trojan-activity;sid:84158978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.51.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295875/; classtype:trojan-activity;sid:84158975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.17.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295873/; classtype:trojan-activity;sid:84158973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.33.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295874/; classtype:trojan-activity;sid:84158974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.142.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295872/; classtype:trojan-activity;sid:84158972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.217.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295871/; classtype:trojan-activity;sid:84158971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.212.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295870/; classtype:trojan-activity;sid:84158970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.111.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295869/; classtype:trojan-activity;sid:84158969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.143.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295868/; classtype:trojan-activity;sid:84158968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.63.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295867/; classtype:trojan-activity;sid:84158967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295866/; classtype:trojan-activity;sid:84158966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.63.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295865/; classtype:trojan-activity;sid:84158965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.22.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295864/; classtype:trojan-activity;sid:84158964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.90.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295863/; classtype:trojan-activity;sid:84158963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.142.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295862/; classtype:trojan-activity;sid:84158962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.102.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295861/; classtype:trojan-activity;sid:84158961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295860)"; flow:established,from_client; content:"GET"; http_method; content:"/cd1.dll"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295860/; classtype:trojan-activity;sid:84158960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295858)"; flow:established,from_client; content:"GET"; http_method; content:"/c1.dll"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295858/; classtype:trojan-activity;sid:84158958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295859)"; flow:established,from_client; content:"GET"; http_method; content:"/c1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295859/; classtype:trojan-activity;sid:84158959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295856)"; flow:established,from_client; content:"GET"; http_method; content:"/pq1.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295856/; classtype:trojan-activity;sid:84158956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295857)"; flow:established,from_client; content:"GET"; http_method; content:"/cb1.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295857/; classtype:trojan-activity;sid:84158957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295854)"; flow:established,from_client; content:"GET"; http_method; content:"/pq.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295854/; classtype:trojan-activity;sid:84158954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295855)"; flow:established,from_client; content:"GET"; http_method; content:"/pq2.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295855/; classtype:trojan-activity;sid:84158955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295852)"; flow:established,from_client; content:"GET"; http_method; content:"/cb2.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295852/; classtype:trojan-activity;sid:84158952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295853)"; flow:established,from_client; content:"GET"; http_method; content:"/cbjq..dll"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295853/; classtype:trojan-activity;sid:84158953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295851)"; flow:established,from_client; content:"GET"; http_method; content:"/cb.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295851/; classtype:trojan-activity;sid:84158951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.22.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295850/; classtype:trojan-activity;sid:84158950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295849)"; flow:established,from_client; content:"GET"; http_method; content:"/cb.ini"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295849/; classtype:trojan-activity;sid:84158949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.198.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295848/; classtype:trojan-activity;sid:84158948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.186.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295847/; classtype:trojan-activity;sid:84158947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.240.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295846/; classtype:trojan-activity;sid:84158946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.113.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295845/; classtype:trojan-activity;sid:84158945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.127.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295844/; classtype:trojan-activity;sid:84158944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.255.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295841/; classtype:trojan-activity;sid:84158941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295842/; classtype:trojan-activity;sid:84158942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.234.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295843/; classtype:trojan-activity;sid:84158943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.111.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295840/; classtype:trojan-activity;sid:84158940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.176.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295839/; classtype:trojan-activity;sid:84158939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.95.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295838/; classtype:trojan-activity;sid:84158938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.156.89.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295837/; classtype:trojan-activity;sid:84158937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.96.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295836/; classtype:trojan-activity;sid:84158936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.101.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295835/; classtype:trojan-activity;sid:84158935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295834)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.226.102.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295834/; classtype:trojan-activity;sid:84158934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295833/; classtype:trojan-activity;sid:84158933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.221.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295832/; classtype:trojan-activity;sid:84158932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.247.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295831/; classtype:trojan-activity;sid:84158931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295830/; classtype:trojan-activity;sid:84158930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.156.89.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295828/; classtype:trojan-activity;sid:84158928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.82.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295829/; classtype:trojan-activity;sid:84158929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.37.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295827/; classtype:trojan-activity;sid:84158927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.179.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295826/; classtype:trojan-activity;sid:84158926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.186.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295825/; classtype:trojan-activity;sid:84158925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.46.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295824/; classtype:trojan-activity;sid:84158924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.136.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295823/; classtype:trojan-activity;sid:84158923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.242.49.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295822/; classtype:trojan-activity;sid:84158922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295821)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295821/; classtype:trojan-activity;sid:84158921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.176.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295820/; classtype:trojan-activity;sid:84158920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295818/; classtype:trojan-activity;sid:84158918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.119.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295819/; classtype:trojan-activity;sid:84158919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.20.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295817/; classtype:trojan-activity;sid:84158917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.95.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295816/; classtype:trojan-activity;sid:84158916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.37.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295815/; classtype:trojan-activity;sid:84158915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295814/; classtype:trojan-activity;sid:84158914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.221.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295813/; classtype:trojan-activity;sid:84158913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.184.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295812/; classtype:trojan-activity;sid:84158912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.58.63"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295811/; classtype:trojan-activity;sid:84158911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.66.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295810/; classtype:trojan-activity;sid:84158910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295809/; classtype:trojan-activity;sid:84158909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.101.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295808/; classtype:trojan-activity;sid:84158908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.103.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295807/; classtype:trojan-activity;sid:84158907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.103.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295806/; classtype:trojan-activity;sid:84158906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.222.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295804/; classtype:trojan-activity;sid:84158904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.81.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295805/; classtype:trojan-activity;sid:84158905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.105.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295803/; classtype:trojan-activity;sid:84158903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.1.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295802/; classtype:trojan-activity;sid:84158902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295801/; classtype:trojan-activity;sid:84158901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.245.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295800/; classtype:trojan-activity;sid:84158900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295799)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.10.92"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295799/; classtype:trojan-activity;sid:84158899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.141.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295798/; classtype:trojan-activity;sid:84158898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.39.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295797/; classtype:trojan-activity;sid:84158897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295796/; classtype:trojan-activity;sid:84158896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.89.61.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295795/; classtype:trojan-activity;sid:84158895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.141.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295794/; classtype:trojan-activity;sid:84158894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.235.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295793/; classtype:trojan-activity;sid:84158893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.58.63"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295792/; classtype:trojan-activity;sid:84158892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295791/; classtype:trojan-activity;sid:84158891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.0.116"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295788/; classtype:trojan-activity;sid:84158888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.222.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295789/; classtype:trojan-activity;sid:84158889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.226.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295790/; classtype:trojan-activity;sid:84158890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295787)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.10.92"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295787/; classtype:trojan-activity;sid:84158887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.81.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295786/; classtype:trojan-activity;sid:84158886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.22.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295785/; classtype:trojan-activity;sid:84158885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.221.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295784/; classtype:trojan-activity;sid:84158884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.107.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295783/; classtype:trojan-activity;sid:84158883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.66.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295782/; classtype:trojan-activity;sid:84158882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295781/; classtype:trojan-activity;sid:84158881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.9.149.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295780/; classtype:trojan-activity;sid:84158880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.101.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295779/; classtype:trojan-activity;sid:84158879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.215.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295777/; classtype:trojan-activity;sid:84158877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.199.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295778/; classtype:trojan-activity;sid:84158878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.20.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295776/; classtype:trojan-activity;sid:84158876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.221.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295775/; classtype:trojan-activity;sid:84158875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295774/; classtype:trojan-activity;sid:84158874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.145.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295773/; classtype:trojan-activity;sid:84158873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.15.126"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295772/; classtype:trojan-activity;sid:84158872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.189.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295771/; classtype:trojan-activity;sid:84158871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.50.124.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295770/; classtype:trojan-activity;sid:84158870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.127.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295769/; classtype:trojan-activity;sid:84158869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295768/; classtype:trojan-activity;sid:84158868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.19.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295767/; classtype:trojan-activity;sid:84158867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.209.150.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295766/; classtype:trojan-activity;sid:84158866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.16.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295765/; classtype:trojan-activity;sid:84158865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.195.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295764/; classtype:trojan-activity;sid:84158864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.47.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295763/; classtype:trojan-activity;sid:84158863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.58.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295762/; classtype:trojan-activity;sid:84158862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.26.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295761/; classtype:trojan-activity;sid:84158861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.189.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295760/; classtype:trojan-activity;sid:84158860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.145.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295759/; classtype:trojan-activity;sid:84158859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.147.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295757/; classtype:trojan-activity;sid:84158857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.54.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295758/; classtype:trojan-activity;sid:84158858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.84.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295756/; classtype:trojan-activity;sid:84158856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.47.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295755/; classtype:trojan-activity;sid:84158855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.196.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295754/; classtype:trojan-activity;sid:84158854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.50.124.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295753/; classtype:trojan-activity;sid:84158853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295752/; classtype:trojan-activity;sid:84158852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.19.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295750/; classtype:trojan-activity;sid:84158850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.194.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295751/; classtype:trojan-activity;sid:84158851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.110.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295749/; classtype:trojan-activity;sid:84158849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295748/; classtype:trojan-activity;sid:84158848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.140.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295747/; classtype:trojan-activity;sid:84158847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.182.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295746/; classtype:trojan-activity;sid:84158846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295745/; classtype:trojan-activity;sid:84158845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.0.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295744/; classtype:trojan-activity;sid:84158844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.224.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295742/; classtype:trojan-activity;sid:84158842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.119.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295743/; classtype:trojan-activity;sid:84158843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.58.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295741/; classtype:trojan-activity;sid:84158841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.47.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295740/; classtype:trojan-activity;sid:84158840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295739/; classtype:trojan-activity;sid:84158839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.221.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295738/; classtype:trojan-activity;sid:84158838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.147.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295737/; classtype:trojan-activity;sid:84158837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295736/; classtype:trojan-activity;sid:84158836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.196.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295735/; classtype:trojan-activity;sid:84158835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.214.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295734/; classtype:trojan-activity;sid:84158834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.84.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295733/; classtype:trojan-activity;sid:84158833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.234.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295732/; classtype:trojan-activity;sid:84158832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.244.91.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295731/; classtype:trojan-activity;sid:84158831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.131.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295730/; classtype:trojan-activity;sid:84158830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.37.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295729/; classtype:trojan-activity;sid:84158829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.234.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295728/; classtype:trojan-activity;sid:84158828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.95.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295727/; classtype:trojan-activity;sid:84158827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.244.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295726/; classtype:trojan-activity;sid:84158826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.238.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295725/; classtype:trojan-activity;sid:84158825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.114.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295724/; classtype:trojan-activity;sid:84158824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295723/; classtype:trojan-activity;sid:84158823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.119.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295722/; classtype:trojan-activity;sid:84158822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.168.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295721/; classtype:trojan-activity;sid:84158821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.47.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295720/; classtype:trojan-activity;sid:84158820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.101.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295718/; classtype:trojan-activity;sid:84158818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.78.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295719/; classtype:trojan-activity;sid:84158819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.0.116"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295716/; classtype:trojan-activity;sid:84158816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.249.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295717/; classtype:trojan-activity;sid:84158817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.116.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295715/; classtype:trojan-activity;sid:84158815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.233.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295714/; classtype:trojan-activity;sid:84158814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.27.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295712/; classtype:trojan-activity;sid:84158812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.131.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295713/; classtype:trojan-activity;sid:84158813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.43.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295711/; classtype:trojan-activity;sid:84158811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.92.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295710/; classtype:trojan-activity;sid:84158810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.249.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295709/; classtype:trojan-activity;sid:84158809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.54.160.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295708/; classtype:trojan-activity;sid:84158808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.237.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295707/; classtype:trojan-activity;sid:84158807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.45.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295706/; classtype:trojan-activity;sid:84158806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.169.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295705/; classtype:trojan-activity;sid:84158805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.155.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295704/; classtype:trojan-activity;sid:84158804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.12.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295703/; classtype:trojan-activity;sid:84158803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.28.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295702/; classtype:trojan-activity;sid:84158802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295699/; classtype:trojan-activity;sid:84158799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.116.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295700/; classtype:trojan-activity;sid:84158800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.58.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295701/; classtype:trojan-activity;sid:84158801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.3.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295698/; classtype:trojan-activity;sid:84158798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.249.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295697/; classtype:trojan-activity;sid:84158797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.247.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295696/; classtype:trojan-activity;sid:84158796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.128.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295695/; classtype:trojan-activity;sid:84158795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.225.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295694/; classtype:trojan-activity;sid:84158794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.89.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295693/; classtype:trojan-activity;sid:84158793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.28.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295692/; classtype:trojan-activity;sid:84158792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.213.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295690/; classtype:trojan-activity;sid:84158790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.86.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295691/; classtype:trojan-activity;sid:84158791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.93.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295688/; classtype:trojan-activity;sid:84158788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.167.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295689/; classtype:trojan-activity;sid:84158789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.43.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295687/; classtype:trojan-activity;sid:84158787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.247.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295685/; classtype:trojan-activity;sid:84158785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.178.176.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295686/; classtype:trojan-activity;sid:84158786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.169.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295684/; classtype:trojan-activity;sid:84158784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.198.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295682/; classtype:trojan-activity;sid:84158782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.146.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295683/; classtype:trojan-activity;sid:84158783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.28.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295681/; classtype:trojan-activity;sid:84158781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295680/; classtype:trojan-activity;sid:84158780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.48.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295679/; classtype:trojan-activity;sid:84158779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.2.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295678/; classtype:trojan-activity;sid:84158778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.247.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295677/; classtype:trojan-activity;sid:84158777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.199.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295676/; classtype:trojan-activity;sid:84158776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.27.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295675/; classtype:trojan-activity;sid:84158775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.145.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295674/; classtype:trojan-activity;sid:84158774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.233.169.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295673/; classtype:trojan-activity;sid:84158773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.71.223.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295672/; classtype:trojan-activity;sid:84158772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.238.136.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295671/; classtype:trojan-activity;sid:84158771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.81.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295668/; classtype:trojan-activity;sid:84158768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295669/; classtype:trojan-activity;sid:84158769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295670)"; flow:established,from_client; content:"GET"; http_method; content:"/files/rodda.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295670/; classtype:trojan-activity;sid:84158770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.149.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295667/; classtype:trojan-activity;sid:84158767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.138.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295666/; classtype:trojan-activity;sid:84158766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.176.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295665/; classtype:trojan-activity;sid:84158765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295664/; classtype:trojan-activity;sid:84158764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.103.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295661/; classtype:trojan-activity;sid:84158761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.197.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295662/; classtype:trojan-activity;sid:84158762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.170.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295663/; classtype:trojan-activity;sid:84158763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.229.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295660/; classtype:trojan-activity;sid:84158760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.198.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295659/; classtype:trojan-activity;sid:84158759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.235.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295658/; classtype:trojan-activity;sid:84158758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295657/; classtype:trojan-activity;sid:84158757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.44.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295656/; classtype:trojan-activity;sid:84158756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.240.251.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295655/; classtype:trojan-activity;sid:84158755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.111.17.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295654/; classtype:trojan-activity;sid:84158754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295653/; classtype:trojan-activity;sid:84158753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.247.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295652/; classtype:trojan-activity;sid:84158752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295651/; classtype:trojan-activity;sid:84158751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.138.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295649/; classtype:trojan-activity;sid:84158749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.178.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295650/; classtype:trojan-activity;sid:84158750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.71.223.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295648/; classtype:trojan-activity;sid:84158748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.240.251.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295647/; classtype:trojan-activity;sid:84158747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.238.136.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295646/; classtype:trojan-activity;sid:84158746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.45.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295645/; classtype:trojan-activity;sid:84158745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.93.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295644/; classtype:trojan-activity;sid:84158744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.147.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295643/; classtype:trojan-activity;sid:84158743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.138.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295641/; classtype:trojan-activity;sid:84158741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.138.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295642/; classtype:trojan-activity;sid:84158742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.111.17.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295640/; classtype:trojan-activity;sid:84158740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.27.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295639/; classtype:trojan-activity;sid:84158739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.94.193.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295638/; classtype:trojan-activity;sid:84158738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295637/; classtype:trojan-activity;sid:84158737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.215.222.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295636/; classtype:trojan-activity;sid:84158736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.3.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295635/; classtype:trojan-activity;sid:84158735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.116.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295634/; classtype:trojan-activity;sid:84158734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.138.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295633/; classtype:trojan-activity;sid:84158733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.88.224.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295632/; classtype:trojan-activity;sid:84158732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.246.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295631/; classtype:trojan-activity;sid:84158731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.8.110.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295630/; classtype:trojan-activity;sid:84158730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.41.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295629/; classtype:trojan-activity;sid:84158729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.76.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295628/; classtype:trojan-activity;sid:84158728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.95.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295627/; classtype:trojan-activity;sid:84158727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.102.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295626/; classtype:trojan-activity;sid:84158726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.16.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295625/; classtype:trojan-activity;sid:84158725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.68.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295624/; classtype:trojan-activity;sid:84158724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.9.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295623/; classtype:trojan-activity;sid:84158723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.160.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295622/; classtype:trojan-activity;sid:84158722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.198.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295621/; classtype:trojan-activity;sid:84158721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295620/; classtype:trojan-activity;sid:84158720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295618)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.77.172.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295618/; classtype:trojan-activity;sid:84158718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295619)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.77.172.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295619/; classtype:trojan-activity;sid:84158719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295610)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.77.172.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295610/; classtype:trojan-activity;sid:84158710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295611)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb1"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.77.172.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295611/; classtype:trojan-activity;sid:84158711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295612)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb10"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.77.172.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295612/; classtype:trojan-activity;sid:84158712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295613)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.77.172.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295613/; classtype:trojan-activity;sid:84158713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295614)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb2"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.77.172.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295614/; classtype:trojan-activity;sid:84158714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295615)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb11"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.77.172.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295615/; classtype:trojan-activity;sid:84158715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295616)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb3"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.77.172.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295616/; classtype:trojan-activity;sid:84158716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295617)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb8"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.77.172.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295617/; classtype:trojan-activity;sid:84158717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.41.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295608/; classtype:trojan-activity;sid:84158708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295609/; classtype:trojan-activity;sid:84158709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.147.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295607/; classtype:trojan-activity;sid:84158707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.231.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295606/; classtype:trojan-activity;sid:84158706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.139.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295605/; classtype:trojan-activity;sid:84158705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295604)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.173.46.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295604/; classtype:trojan-activity;sid:84158704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295603/; classtype:trojan-activity;sid:84158703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.4.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295601/; classtype:trojan-activity;sid:84158701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.217.68.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295602/; classtype:trojan-activity;sid:84158702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.108.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295600/; classtype:trojan-activity;sid:84158700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.168.236.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295599/; classtype:trojan-activity;sid:84158699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.88.238.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295598/; classtype:trojan-activity;sid:84158698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.168.53.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295597/; classtype:trojan-activity;sid:84158697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.244.91.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295596/; classtype:trojan-activity;sid:84158696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.8.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295595/; classtype:trojan-activity;sid:84158695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.86.188.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295594/; classtype:trojan-activity;sid:84158694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.77.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295593/; classtype:trojan-activity;sid:84158693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.74.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295592/; classtype:trojan-activity;sid:84158692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.4.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295591/; classtype:trojan-activity;sid:84158691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.77.146.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295590/; classtype:trojan-activity;sid:84158690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.245.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295589/; classtype:trojan-activity;sid:84158689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295587/; classtype:trojan-activity;sid:84158687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.178.125.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295588/; classtype:trojan-activity;sid:84158688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.62.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295586/; classtype:trojan-activity;sid:84158686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295585/; classtype:trojan-activity;sid:84158685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.160.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295584/; classtype:trojan-activity;sid:84158684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.182.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295583/; classtype:trojan-activity;sid:84158683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.141.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295582/; classtype:trojan-activity;sid:84158682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295581)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.173.46.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295581/; classtype:trojan-activity;sid:84158681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.144.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295580/; classtype:trojan-activity;sid:84158680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.8.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295579/; classtype:trojan-activity;sid:84158679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.87.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295578/; classtype:trojan-activity;sid:84158678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.77.146.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295577/; classtype:trojan-activity;sid:84158677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.54.160.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295576/; classtype:trojan-activity;sid:84158676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.227.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295575/; classtype:trojan-activity;sid:84158675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.244.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295574/; classtype:trojan-activity;sid:84158674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.58.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295573/; classtype:trojan-activity;sid:84158673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.37.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295572/; classtype:trojan-activity;sid:84158672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.240.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295571/; classtype:trojan-activity;sid:84158671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.143.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295570/; classtype:trojan-activity;sid:84158670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.200.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295569/; classtype:trojan-activity;sid:84158669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.86.188.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295568/; classtype:trojan-activity;sid:84158668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.243.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295567/; classtype:trojan-activity;sid:84158667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.187.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295566/; classtype:trojan-activity;sid:84158666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.118.91.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295564/; classtype:trojan-activity;sid:84158664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.111.17.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295565/; classtype:trojan-activity;sid:84158665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.113.124.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295563/; classtype:trojan-activity;sid:84158663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.156.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295562/; classtype:trojan-activity;sid:84158662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.167.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295561/; classtype:trojan-activity;sid:84158661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.67.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295560/; classtype:trojan-activity;sid:84158660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.130.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295559/; classtype:trojan-activity;sid:84158659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.101.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295558/; classtype:trojan-activity;sid:84158658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.41.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295557/; classtype:trojan-activity;sid:84158657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295556/; classtype:trojan-activity;sid:84158656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.243.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295555/; classtype:trojan-activity;sid:84158655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.174.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295554/; classtype:trojan-activity;sid:84158654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.152.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295553/; classtype:trojan-activity;sid:84158653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.234.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295552/; classtype:trojan-activity;sid:84158652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.37.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295551/; classtype:trojan-activity;sid:84158651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.160.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295550/; classtype:trojan-activity;sid:84158650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.41.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295549/; classtype:trojan-activity;sid:84158649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.49.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295548/; classtype:trojan-activity;sid:84158648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.236.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295547/; classtype:trojan-activity;sid:84158647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.210.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295546/; classtype:trojan-activity;sid:84158646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.187.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295545/; classtype:trojan-activity;sid:84158645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.88.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295544/; classtype:trojan-activity;sid:84158644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.225.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295543/; classtype:trojan-activity;sid:84158643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.82.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295542/; classtype:trojan-activity;sid:84158642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.171.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295541/; classtype:trojan-activity;sid:84158641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.245.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295540/; classtype:trojan-activity;sid:84158640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.217.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295539/; classtype:trojan-activity;sid:84158639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.63.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295538/; classtype:trojan-activity;sid:84158638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.233.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295536/; classtype:trojan-activity;sid:84158636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.244.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295537/; classtype:trojan-activity;sid:84158637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.179.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295535/; classtype:trojan-activity;sid:84158635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.130.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295534/; classtype:trojan-activity;sid:84158634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295533/; classtype:trojan-activity;sid:84158633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.101.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295532/; classtype:trojan-activity;sid:84158632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.91.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295531/; classtype:trojan-activity;sid:84158631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.88.224.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295530/; classtype:trojan-activity;sid:84158630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.2.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295528/; classtype:trojan-activity;sid:84158628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.221.225.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295529/; classtype:trojan-activity;sid:84158629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.63.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295526/; classtype:trojan-activity;sid:84158626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.210.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295527/; classtype:trojan-activity;sid:84158627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.179.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295525/; classtype:trojan-activity;sid:84158625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.67.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295524/; classtype:trojan-activity;sid:84158624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.62.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295523/; classtype:trojan-activity;sid:84158623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.150.11.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295522/; classtype:trojan-activity;sid:84158622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.236.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295521/; classtype:trojan-activity;sid:84158621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.45.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295520/; classtype:trojan-activity;sid:84158620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.245.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295519/; classtype:trojan-activity;sid:84158619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.89.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295518/; classtype:trojan-activity;sid:84158618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.224.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295517/; classtype:trojan-activity;sid:84158617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.91.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295516/; classtype:trojan-activity;sid:84158616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.94.191.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295515/; classtype:trojan-activity;sid:84158615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.233.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295514/; classtype:trojan-activity;sid:84158614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.7.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295513/; classtype:trojan-activity;sid:84158613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.241.50.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295512/; classtype:trojan-activity;sid:84158612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.95.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295511/; classtype:trojan-activity;sid:84158611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.17.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295510/; classtype:trojan-activity;sid:84158610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.140.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295509/; classtype:trojan-activity;sid:84158609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.211.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295508/; classtype:trojan-activity;sid:84158608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.151.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295507/; classtype:trojan-activity;sid:84158607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.14.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295506/; classtype:trojan-activity;sid:84158606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.100.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295504/; classtype:trojan-activity;sid:84158604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.88.238.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295505/; classtype:trojan-activity;sid:84158605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.45.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295501/; classtype:trojan-activity;sid:84158601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.75.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295502/; classtype:trojan-activity;sid:84158602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.21.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295503/; classtype:trojan-activity;sid:84158603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.195.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295500/; classtype:trojan-activity;sid:84158600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.14.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295499/; classtype:trojan-activity;sid:84158599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.19.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295498/; classtype:trojan-activity;sid:84158598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.2.227"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295497/; classtype:trojan-activity;sid:84158597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.21.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295496/; classtype:trojan-activity;sid:84158596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.188.17.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295495/; classtype:trojan-activity;sid:84158595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.17.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295494/; classtype:trojan-activity;sid:84158594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.36.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295493/; classtype:trojan-activity;sid:84158593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.0.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295492/; classtype:trojan-activity;sid:84158592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295491/; classtype:trojan-activity;sid:84158591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.195.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295490/; classtype:trojan-activity;sid:84158590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.230.79.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295489/; classtype:trojan-activity;sid:84158589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.224.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295488/; classtype:trojan-activity;sid:84158588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.164.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295486/; classtype:trojan-activity;sid:84158586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.80.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295487/; classtype:trojan-activity;sid:84158587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.91.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295485/; classtype:trojan-activity;sid:84158585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.31.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295484/; classtype:trojan-activity;sid:84158584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.134.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295483/; classtype:trojan-activity;sid:84158583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295482)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.227.56.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295482/; classtype:trojan-activity;sid:84158582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.75.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295481/; classtype:trojan-activity;sid:84158581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.178.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295480/; classtype:trojan-activity;sid:84158580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.241.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295479/; classtype:trojan-activity;sid:84158579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.113.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295478/; classtype:trojan-activity;sid:84158578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295477/; classtype:trojan-activity;sid:84158577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295476/; classtype:trojan-activity;sid:84158576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.30.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295475/; classtype:trojan-activity;sid:84158575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.19.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295474/; classtype:trojan-activity;sid:84158574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.87.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295473/; classtype:trojan-activity;sid:84158573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.188.17.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295472/; classtype:trojan-activity;sid:84158572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.98.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295471/; classtype:trojan-activity;sid:84158571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.54.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295470/; classtype:trojan-activity;sid:84158570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.63.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295469/; classtype:trojan-activity;sid:84158569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.4.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295468/; classtype:trojan-activity;sid:84158568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.164.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295467/; classtype:trojan-activity;sid:84158567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.176.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295466/; classtype:trojan-activity;sid:84158566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.82.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295465/; classtype:trojan-activity;sid:84158565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.80.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295464/; classtype:trojan-activity;sid:84158564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.104.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295463/; classtype:trojan-activity;sid:84158563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.81.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295462/; classtype:trojan-activity;sid:84158562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.87.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295461/; classtype:trojan-activity;sid:84158561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.134.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295460/; classtype:trojan-activity;sid:84158560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.31.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295459/; classtype:trojan-activity;sid:84158559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.96.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295458/; classtype:trojan-activity;sid:84158558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.98.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295457/; classtype:trojan-activity;sid:84158557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.60.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295456/; classtype:trojan-activity;sid:84158556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295455/; classtype:trojan-activity;sid:84158555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295454/; classtype:trojan-activity;sid:84158554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.161.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295453/; classtype:trojan-activity;sid:84158553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.87.28.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295452/; classtype:trojan-activity;sid:84158552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.109.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295451/; classtype:trojan-activity;sid:84158551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.176.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295450/; classtype:trojan-activity;sid:84158550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295449/; classtype:trojan-activity;sid:84158549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.125.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295448/; classtype:trojan-activity;sid:84158548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295447/; classtype:trojan-activity;sid:84158547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.235.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295446/; classtype:trojan-activity;sid:84158546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.227.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295445/; classtype:trojan-activity;sid:84158545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.96.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295444/; classtype:trojan-activity;sid:84158544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295443)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.231.113.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295443/; classtype:trojan-activity;sid:84158543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.84.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295442/; classtype:trojan-activity;sid:84158542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.74.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295441/; classtype:trojan-activity;sid:84158541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.12.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295440/; classtype:trojan-activity;sid:84158540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.87.28.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295439/; classtype:trojan-activity;sid:84158539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.125.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295438/; classtype:trojan-activity;sid:84158538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295437/; classtype:trojan-activity;sid:84158537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.56.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295436/; classtype:trojan-activity;sid:84158536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.125.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295435/; classtype:trojan-activity;sid:84158535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.84.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295434/; classtype:trojan-activity;sid:84158534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.119.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295433/; classtype:trojan-activity;sid:84158533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.223.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295429/; classtype:trojan-activity;sid:84158529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.100.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295430/; classtype:trojan-activity;sid:84158530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295431)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.158.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295431/; classtype:trojan-activity;sid:84158531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.220.238.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295432/; classtype:trojan-activity;sid:84158532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295428/; classtype:trojan-activity;sid:84158528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.34.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295427/; classtype:trojan-activity;sid:84158527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.74.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295426/; classtype:trojan-activity;sid:84158526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.228.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295425/; classtype:trojan-activity;sid:84158525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.32.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295424/; classtype:trojan-activity;sid:84158524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.12.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295423/; classtype:trojan-activity;sid:84158523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.12.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295422/; classtype:trojan-activity;sid:84158522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.172.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295421/; classtype:trojan-activity;sid:84158521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.56.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295420/; classtype:trojan-activity;sid:84158520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.21.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295419/; classtype:trojan-activity;sid:84158519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.86.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295418/; classtype:trojan-activity;sid:84158518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.44.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295417/; classtype:trojan-activity;sid:84158517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.235.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295416/; classtype:trojan-activity;sid:84158516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.41.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295415/; classtype:trojan-activity;sid:84158515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.230.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295414/; classtype:trojan-activity;sid:84158514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.32.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295413/; classtype:trojan-activity;sid:84158513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.49.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295412/; classtype:trojan-activity;sid:84158512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.94.67.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295411/; classtype:trojan-activity;sid:84158511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295410/; classtype:trojan-activity;sid:84158510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.22.123.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295409/; classtype:trojan-activity;sid:84158509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.68.142.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295408/; classtype:trojan-activity;sid:84158508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.135.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295407/; classtype:trojan-activity;sid:84158507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.93.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295406/; classtype:trojan-activity;sid:84158506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.131.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295405/; classtype:trojan-activity;sid:84158505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.21.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295403/; classtype:trojan-activity;sid:84158503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.44.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295404/; classtype:trojan-activity;sid:84158504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.86.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295402/; classtype:trojan-activity;sid:84158502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295401/; classtype:trojan-activity;sid:84158501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295400)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.177.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295400/; classtype:trojan-activity;sid:84158500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.104.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295399/; classtype:trojan-activity;sid:84158499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.14.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295398/; classtype:trojan-activity;sid:84158498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.4.224.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295397/; classtype:trojan-activity;sid:84158497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.234.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295396/; classtype:trojan-activity;sid:84158496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.32.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295394/; classtype:trojan-activity;sid:84158494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.249.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295395/; classtype:trojan-activity;sid:84158495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295393/; classtype:trojan-activity;sid:84158493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.234.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295392/; classtype:trojan-activity;sid:84158492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.210.121.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295391/; classtype:trojan-activity;sid:84158491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.114.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295390/; classtype:trojan-activity;sid:84158490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295389/; classtype:trojan-activity;sid:84158489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.68.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295388/; classtype:trojan-activity;sid:84158488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.83.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295386/; classtype:trojan-activity;sid:84158486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.18.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295387/; classtype:trojan-activity;sid:84158487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295385)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.20.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295385/; classtype:trojan-activity;sid:84158485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295383)"; flow:established,from_client; content:"GET"; http_method; content:"/work/xxx.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"petshopsg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295383/; classtype:trojan-activity;sid:84158483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295384)"; flow:established,from_client; content:"GET"; http_method; content:"/work/xxx.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"inayatullah.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295384/; classtype:trojan-activity;sid:84158484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.32.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295381/; classtype:trojan-activity;sid:84158481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.68.142.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295382/; classtype:trojan-activity;sid:84158482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.240.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295380/; classtype:trojan-activity;sid:84158480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.144.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295379/; classtype:trojan-activity;sid:84158479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.152.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295378/; classtype:trojan-activity;sid:84158478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.236.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295377/; classtype:trojan-activity;sid:84158477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.46.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295376/; classtype:trojan-activity;sid:84158476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.4.224.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295375/; classtype:trojan-activity;sid:84158475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.46.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295373/; classtype:trojan-activity;sid:84158473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.18.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295374/; classtype:trojan-activity;sid:84158474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.104.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295372/; classtype:trojan-activity;sid:84158472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.174.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295371/; classtype:trojan-activity;sid:84158471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295370/; classtype:trojan-activity;sid:84158470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.13.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295369/; classtype:trojan-activity;sid:84158469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.121.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295368/; classtype:trojan-activity;sid:84158468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.18.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295367/; classtype:trojan-activity;sid:84158467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.108.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295366/; classtype:trojan-activity;sid:84158466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295365)"; flow:established,from_client; content:"GET"; http_method; content:"/files/potwierdzenie.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295365/; classtype:trojan-activity;sid:84158465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.80.162.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295364/; classtype:trojan-activity;sid:84158464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295363/; classtype:trojan-activity;sid:84158463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295361)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/nidbfhk.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295361/; classtype:trojan-activity;sid:84158461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.205.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295362/; classtype:trojan-activity;sid:84158462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295360)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/dfkoiec.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295360/; classtype:trojan-activity;sid:84158460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.152.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295359/; classtype:trojan-activity;sid:84158459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.147.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295357/; classtype:trojan-activity;sid:84158457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.56.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295358/; classtype:trojan-activity;sid:84158458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295355)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.220.106.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295355/; classtype:trojan-activity;sid:84158455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295356)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.220.106.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295356/; classtype:trojan-activity;sid:84158456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295351)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.220.106.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295351/; classtype:trojan-activity;sid:84158451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295352)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"panel.chanbaba.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295352/; classtype:trojan-activity;sid:84158452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295353)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"panel.chanbaba.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295353/; classtype:trojan-activity;sid:84158453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295354)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"panel.chanbaba.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295354/; classtype:trojan-activity;sid:84158454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295347)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"panel.chanbaba.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295347/; classtype:trojan-activity;sid:84158447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295348)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"panel.chanbaba.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295348/; classtype:trojan-activity;sid:84158448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295349)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"panel.chanbaba.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295349/; classtype:trojan-activity;sid:84158449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295350)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"panel.chanbaba.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295350/; classtype:trojan-activity;sid:84158450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295344)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"panel.chanbaba.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295344/; classtype:trojan-activity;sid:84158444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295345)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"panel.chanbaba.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295345/; classtype:trojan-activity;sid:84158445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295346)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"panel.chanbaba.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295346/; classtype:trojan-activity;sid:84158446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295339)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"panel.chanbaba.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295339/; classtype:trojan-activity;sid:84158439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295340)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.220.106.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295340/; classtype:trojan-activity;sid:84158440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295341)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"panel.chanbaba.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295341/; classtype:trojan-activity;sid:84158441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295342)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"panel.chanbaba.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295342/; classtype:trojan-activity;sid:84158442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295343)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.220.106.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295343/; classtype:trojan-activity;sid:84158443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295338)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"panel.chanbaba.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295338/; classtype:trojan-activity;sid:84158438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295337)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.220.106.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295337/; classtype:trojan-activity;sid:84158437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295334)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.220.106.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295334/; classtype:trojan-activity;sid:84158434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295335)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.220.106.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295335/; classtype:trojan-activity;sid:84158435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295336)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.220.106.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295336/; classtype:trojan-activity;sid:84158436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295331)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.220.106.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295331/; classtype:trojan-activity;sid:84158431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295332)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.220.106.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295332/; classtype:trojan-activity;sid:84158432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295333)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.220.106.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295333/; classtype:trojan-activity;sid:84158433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295329)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.220.106.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295329/; classtype:trojan-activity;sid:84158429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295330)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.220.106.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295330/; classtype:trojan-activity;sid:84158430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.188.16.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295328/; classtype:trojan-activity;sid:84158428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295326)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.34.230.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295326/; classtype:trojan-activity;sid:84158426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.55.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295327/; classtype:trojan-activity;sid:84158427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295325)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.34.230.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295325/; classtype:trojan-activity;sid:84158425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295323)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.34.230.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295323/; classtype:trojan-activity;sid:84158423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.41.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295324/; classtype:trojan-activity;sid:84158424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295315)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.34.230.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295315/; classtype:trojan-activity;sid:84158415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295316)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.34.230.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295316/; classtype:trojan-activity;sid:84158416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295317)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.34.230.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295317/; classtype:trojan-activity;sid:84158417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295318)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.34.230.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295318/; classtype:trojan-activity;sid:84158418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295319)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.34.230.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295319/; classtype:trojan-activity;sid:84158419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295320)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.34.230.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295320/; classtype:trojan-activity;sid:84158420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295321)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.34.230.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295321/; classtype:trojan-activity;sid:84158421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295322)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.34.230.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295322/; classtype:trojan-activity;sid:84158422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.174.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295314/; classtype:trojan-activity;sid:84158414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.75.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295313/; classtype:trojan-activity;sid:84158413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.125.241.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295310/; classtype:trojan-activity;sid:84158410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.234.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295311/; classtype:trojan-activity;sid:84158411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.89.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295312/; classtype:trojan-activity;sid:84158412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.177.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295308/; classtype:trojan-activity;sid:84158408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.158.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295309/; classtype:trojan-activity;sid:84158409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.38.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295307/; classtype:trojan-activity;sid:84158407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.250.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295306/; classtype:trojan-activity;sid:84158406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.192.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295305/; classtype:trojan-activity;sid:84158405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.42.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295304/; classtype:trojan-activity;sid:84158404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.56.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295303/; classtype:trojan-activity;sid:84158403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.147.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295302/; classtype:trojan-activity;sid:84158402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.0.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295301/; classtype:trojan-activity;sid:84158401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.188.16.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295300/; classtype:trojan-activity;sid:84158400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.55.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295298/; classtype:trojan-activity;sid:84158398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295299/; classtype:trojan-activity;sid:84158399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.116.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295297/; classtype:trojan-activity;sid:84158397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.77.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295296/; classtype:trojan-activity;sid:84158396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.158.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295295/; classtype:trojan-activity;sid:84158395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.68.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295294/; classtype:trojan-activity;sid:84158394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295293)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.77.4.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295293/; classtype:trojan-activity;sid:84158393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.255.133.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295292/; classtype:trojan-activity;sid:84158392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.193.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295290/; classtype:trojan-activity;sid:84158390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.214.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295291/; classtype:trojan-activity;sid:84158391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.255.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295289/; classtype:trojan-activity;sid:84158389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.177.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295288/; classtype:trojan-activity;sid:84158388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.77.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295287/; classtype:trojan-activity;sid:84158387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295286)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ndur.events.socalpocis.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295286/; classtype:trojan-activity;sid:84158386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295285/; classtype:trojan-activity;sid:84158385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.186.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295283/; classtype:trojan-activity;sid:84158383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.15.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295284/; classtype:trojan-activity;sid:84158384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.17.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295282/; classtype:trojan-activity;sid:84158382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.193.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295281/; classtype:trojan-activity;sid:84158381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.99.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295280/; classtype:trojan-activity;sid:84158380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.255.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295279/; classtype:trojan-activity;sid:84158379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.226.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295278/; classtype:trojan-activity;sid:84158378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.242.49.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295277/; classtype:trojan-activity;sid:84158377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.13.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295276/; classtype:trojan-activity;sid:84158376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295275/; classtype:trojan-activity;sid:84158375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.15.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295273/; classtype:trojan-activity;sid:84158373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.15.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295274/; classtype:trojan-activity;sid:84158374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.78.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295272/; classtype:trojan-activity;sid:84158372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.174.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295271/; classtype:trojan-activity;sid:84158371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.215.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295270/; classtype:trojan-activity;sid:84158370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.226.71.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295269/; classtype:trojan-activity;sid:84158369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.226.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295268/; classtype:trojan-activity;sid:84158368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.146.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295267/; classtype:trojan-activity;sid:84158367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.99.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295266/; classtype:trojan-activity;sid:84158366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.96.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295265/; classtype:trojan-activity;sid:84158365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.242.49.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295264/; classtype:trojan-activity;sid:84158364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.78.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295262/; classtype:trojan-activity;sid:84158362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.17.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295263/; classtype:trojan-activity;sid:84158363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.92.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295261/; classtype:trojan-activity;sid:84158361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.253.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295260/; classtype:trojan-activity;sid:84158360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.158.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295259/; classtype:trojan-activity;sid:84158359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295258/; classtype:trojan-activity;sid:84158358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295257/; classtype:trojan-activity;sid:84158357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295256)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.153.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295256/; classtype:trojan-activity;sid:84158356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.87.0.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295255/; classtype:trojan-activity;sid:84158355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.215.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295254/; classtype:trojan-activity;sid:84158354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.146.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295253/; classtype:trojan-activity;sid:84158353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295252)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tuw.events.socalpocis.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295252/; classtype:trojan-activity;sid:84158352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295251/; classtype:trojan-activity;sid:84158351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295250/; classtype:trojan-activity;sid:84158350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295249)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.246.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295249/; classtype:trojan-activity;sid:84158349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295248/; classtype:trojan-activity;sid:84158348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.15.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295247/; classtype:trojan-activity;sid:84158347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.92.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295246/; classtype:trojan-activity;sid:84158346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.21.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295245/; classtype:trojan-activity;sid:84158345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295244/; classtype:trojan-activity;sid:84158344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295243/; classtype:trojan-activity;sid:84158343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.56.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295242/; classtype:trojan-activity;sid:84158342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.83.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295241/; classtype:trojan-activity;sid:84158341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.246.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295240/; classtype:trojan-activity;sid:84158340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.172.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295239/; classtype:trojan-activity;sid:84158339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.255.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295238/; classtype:trojan-activity;sid:84158338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.152.147.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295237/; classtype:trojan-activity;sid:84158337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.40.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295236/; classtype:trojan-activity;sid:84158336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.191.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295235/; classtype:trojan-activity;sid:84158335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.149.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295234/; classtype:trojan-activity;sid:84158334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.172.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295233/; classtype:trojan-activity;sid:84158333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.235.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295232/; classtype:trojan-activity;sid:84158332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.245.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295231/; classtype:trojan-activity;sid:84158331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.255.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295230/; classtype:trojan-activity;sid:84158330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.152.147.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295228/; classtype:trojan-activity;sid:84158328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.173.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295229/; classtype:trojan-activity;sid:84158329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.152.170.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295226/; classtype:trojan-activity;sid:84158326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.38.19.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295227/; classtype:trojan-activity;sid:84158327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.246.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295225/; classtype:trojan-activity;sid:84158325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.181.12.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295224/; classtype:trojan-activity;sid:84158324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.51.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295223/; classtype:trojan-activity;sid:84158323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.108.109.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295222/; classtype:trojan-activity;sid:84158322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.150.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295221/; classtype:trojan-activity;sid:84158321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.235.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295220/; classtype:trojan-activity;sid:84158320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.78.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295219/; classtype:trojan-activity;sid:84158319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.168.53.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295218/; classtype:trojan-activity;sid:84158318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.152.147.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295217/; classtype:trojan-activity;sid:84158317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.203.68.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295216/; classtype:trojan-activity;sid:84158316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.214.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295215/; classtype:trojan-activity;sid:84158315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.249.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295214/; classtype:trojan-activity;sid:84158314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.109.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295213/; classtype:trojan-activity;sid:84158313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.12.37"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295212/; classtype:trojan-activity;sid:84158312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.78.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295211/; classtype:trojan-activity;sid:84158311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.18.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295210/; classtype:trojan-activity;sid:84158310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.18.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295209/; classtype:trojan-activity;sid:84158309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.69.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295208/; classtype:trojan-activity;sid:84158308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.220.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295207/; classtype:trojan-activity;sid:84158307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.235.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295204/; classtype:trojan-activity;sid:84158304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.214.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295205/; classtype:trojan-activity;sid:84158305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.248.230.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295206/; classtype:trojan-activity;sid:84158306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.191.21.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295200/; classtype:trojan-activity;sid:84158300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295201)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.91.193.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295201/; classtype:trojan-activity;sid:84158301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.241.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295202/; classtype:trojan-activity;sid:84158302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.131.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295203/; classtype:trojan-activity;sid:84158303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.60.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295199/; classtype:trojan-activity;sid:84158299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.131.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295193/; classtype:trojan-activity;sid:84158293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.189.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295194/; classtype:trojan-activity;sid:84158294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.91.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295195/; classtype:trojan-activity;sid:84158295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.57.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295196/; classtype:trojan-activity;sid:84158296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.57.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295197/; classtype:trojan-activity;sid:84158297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.179.249.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295198/; classtype:trojan-activity;sid:84158298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.191.21.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295187/; classtype:trojan-activity;sid:84158287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.116.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295188/; classtype:trojan-activity;sid:84158288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.44.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295189/; classtype:trojan-activity;sid:84158289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.105.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295190/; classtype:trojan-activity;sid:84158290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.4.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295191/; classtype:trojan-activity;sid:84158291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.219.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295192/; classtype:trojan-activity;sid:84158292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.51.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295186/; classtype:trojan-activity;sid:84158286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.182.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295185/; classtype:trojan-activity;sid:84158285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.204.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295184/; classtype:trojan-activity;sid:84158284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.3.21"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295183/; classtype:trojan-activity;sid:84158283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.214.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295182/; classtype:trojan-activity;sid:84158282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.54.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295181/; classtype:trojan-activity;sid:84158281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.154.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295180/; classtype:trojan-activity;sid:84158280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.191.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295178/; classtype:trojan-activity;sid:84158278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.89.252.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295179/; classtype:trojan-activity;sid:84158279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.188.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295170/; classtype:trojan-activity;sid:84158270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.89.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295171/; classtype:trojan-activity;sid:84158271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.163.81.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295172/; classtype:trojan-activity;sid:84158272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.114.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295173/; classtype:trojan-activity;sid:84158273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.146.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295174/; classtype:trojan-activity;sid:84158274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.187.17.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295175/; classtype:trojan-activity;sid:84158275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.244.214.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295176/; classtype:trojan-activity;sid:84158276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.244.214.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295177/; classtype:trojan-activity;sid:84158277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.204.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295169/; classtype:trojan-activity;sid:84158269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.88.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295168/; classtype:trojan-activity;sid:84158268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.73.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295167/; classtype:trojan-activity;sid:84158267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.154.196.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295166/; classtype:trojan-activity;sid:84158266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.62.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295165/; classtype:trojan-activity;sid:84158265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295164)"; flow:established,from_client; content:"GET"; http_method; content:"/megafund/gambinho.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"end-vt.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295164/; classtype:trojan-activity;sid:84158264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295163)"; flow:established,from_client; content:"GET"; http_method; content:"/94082236017531.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.159.113.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295163/; classtype:trojan-activity;sid:84158263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295162)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"85.192.37.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295162/; classtype:trojan-activity;sid:84158262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.182.153.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295161/; classtype:trojan-activity;sid:84158261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295158/; classtype:trojan-activity;sid:84158258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.214.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295159/; classtype:trojan-activity;sid:84158259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.14.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295160/; classtype:trojan-activity;sid:84158260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.236.160.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295157/; classtype:trojan-activity;sid:84158257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.248.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295156/; classtype:trojan-activity;sid:84158256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.154.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295155/; classtype:trojan-activity;sid:84158255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.194.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295154/; classtype:trojan-activity;sid:84158254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295153)"; flow:established,from_client; content:"GET"; http_method; content:"/53/cg/bestthingsalwaysgetbesrentirelifethingstogdomybetterthignswithgreat.hta"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"107.172.44.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295153/; classtype:trojan-activity;sid:84158253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295152)"; flow:established,from_client; content:"GET"; http_method; content:"/53/seemybestnetworkwhichgivebestthingsentirelifewithme.tif"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"107.172.44.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295152/; classtype:trojan-activity;sid:84158252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295151)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/bmfplgqmxzovv105.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"heavyequipmentsales.au"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295151/; classtype:trojan-activity;sid:84158251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295150)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/verdensalt.asi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"heavyequipmentsales.au"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295150/; classtype:trojan-activity;sid:84158250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295148)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gx2ez0dxc3zo342-rxkec4d-mhyak-pe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295148/; classtype:trojan-activity;sid:84158248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295149)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1klrrxmj0mpao4gvbs34infj1sqexs5wp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295149/; classtype:trojan-activity;sid:84158249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.191.81.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295147/; classtype:trojan-activity;sid:84158247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295145)"; flow:established,from_client; content:"GET"; http_method; content:"/36/caspol.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"192.3.243.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295145/; classtype:trojan-activity;sid:84158245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295146)"; flow:established,from_client; content:"GET"; http_method; content:"/37/caspol.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"192.3.243.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295146/; classtype:trojan-activity;sid:84158246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295143)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/rf/seemybestbeautifulgirlwhowantbestthignsenitrelifetimethingstobe.hta"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"192.3.243.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295143/; classtype:trojan-activity;sid:84158243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295144)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/de/givemebestwithentiretimegivenmebestthingsalwaysforgetbacknew.hta"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"192.3.243.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295144/; classtype:trojan-activity;sid:84158244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295142)"; flow:established,from_client; content:"GET"; http_method; content:"/657/caspol.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"66.63.187.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295142/; classtype:trojan-activity;sid:84158242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295141)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/noc/seemefasterthanbeforewithhisbestthingsinonlineforgetreadyfor.hta"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"66.63.187.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295141/; classtype:trojan-activity;sid:84158241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.239.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295140/; classtype:trojan-activity;sid:84158240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.214.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295139/; classtype:trojan-activity;sid:84158239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295138)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.170.144.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295138/; classtype:trojan-activity;sid:84158238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.35.225.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295137/; classtype:trojan-activity;sid:84158237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.208.26.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295132/; classtype:trojan-activity;sid:84158232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295133)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"85.192.37.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295133/; classtype:trojan-activity;sid:84158233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.6.77"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295134/; classtype:trojan-activity;sid:84158234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295135)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"85.192.37.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295135/; classtype:trojan-activity;sid:84158235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.235.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295136/; classtype:trojan-activity;sid:84158236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.177.151.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295130/; classtype:trojan-activity;sid:84158230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.177.151.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295131/; classtype:trojan-activity;sid:84158231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.204.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295128/; classtype:trojan-activity;sid:84158228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.54.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295129/; classtype:trojan-activity;sid:84158229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.75.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295127/; classtype:trojan-activity;sid:84158227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.104.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295126/; classtype:trojan-activity;sid:84158226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.102.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295125/; classtype:trojan-activity;sid:84158225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.201.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295124/; classtype:trojan-activity;sid:84158224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295123/; classtype:trojan-activity;sid:84158223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.248.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295122/; classtype:trojan-activity;sid:84158222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.239.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295120/; classtype:trojan-activity;sid:84158220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295121)"; flow:established,from_client; content:"GET"; http_method; content:"/zfsrvbrrquo53.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.222.57.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295121/; classtype:trojan-activity;sid:84158221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.167.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295119/; classtype:trojan-activity;sid:84158219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.37.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295118/; classtype:trojan-activity;sid:84158218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.3.21"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295117/; classtype:trojan-activity;sid:84158217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.75.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295116/; classtype:trojan-activity;sid:84158216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.96.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295115/; classtype:trojan-activity;sid:84158215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.91.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295114/; classtype:trojan-activity;sid:84158214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.7.204.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295113/; classtype:trojan-activity;sid:84158213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295112)"; flow:established,from_client; content:"GET"; http_method; content:"/b/mipsel"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.209.133.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295112/; classtype:trojan-activity;sid:84158212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.33.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295111/; classtype:trojan-activity;sid:84158211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.234.160.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295110/; classtype:trojan-activity;sid:84158210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.141.245.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295108/; classtype:trojan-activity;sid:84158208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.141.245.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295109/; classtype:trojan-activity;sid:84158209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.141.245.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295107/; classtype:trojan-activity;sid:84158207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295106/; classtype:trojan-activity;sid:84158206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.127.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295105/; classtype:trojan-activity;sid:84158205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.224.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295104/; classtype:trojan-activity;sid:84158204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.169.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295103/; classtype:trojan-activity;sid:84158203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.130.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295102/; classtype:trojan-activity;sid:84158202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295101/; classtype:trojan-activity;sid:84158201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.7.204.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295100/; classtype:trojan-activity;sid:84158200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.157.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295099/; classtype:trojan-activity;sid:84158199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.54.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295098/; classtype:trojan-activity;sid:84158198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.15.165"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295097/; classtype:trojan-activity;sid:84158197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295096)"; flow:established,from_client; content:"GET"; http_method; content:"/botpilled/rbot"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"31.56.7.159"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295096/; classtype:trojan-activity;sid:84158196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.44.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295095/; classtype:trojan-activity;sid:84158195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295094)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.213.187.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295094/; classtype:trojan-activity;sid:84158194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.70.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295093/; classtype:trojan-activity;sid:84158193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295092)"; flow:established,from_client; content:"GET"; http_method; content:"/1.php|3f|s=mints13"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"rigzuvzi3bnz3.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295092/; classtype:trojan-activity;sid:84158192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295091/; classtype:trojan-activity;sid:84158191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.169.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295090/; classtype:trojan-activity;sid:84158190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.37.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295089/; classtype:trojan-activity;sid:84158189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.99.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295088/; classtype:trojan-activity;sid:84158188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.99.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295087/; classtype:trojan-activity;sid:84158187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.59.154.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295086/; classtype:trojan-activity;sid:84158186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.30.241.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295084/; classtype:trojan-activity;sid:84158184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.156.89.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295085/; classtype:trojan-activity;sid:84158185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.44.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295083/; classtype:trojan-activity;sid:84158183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295082)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.96.51"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295082/; classtype:trojan-activity;sid:84158182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.54.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295081/; classtype:trojan-activity;sid:84158181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.252.219.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295080/; classtype:trojan-activity;sid:84158180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.150.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295077/; classtype:trojan-activity;sid:84158177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295078)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"youxj.staff.plenarykcg.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295078/; classtype:trojan-activity;sid:84158178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.206.159.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295079/; classtype:trojan-activity;sid:84158179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.100.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295076/; classtype:trojan-activity;sid:84158176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295075/; classtype:trojan-activity;sid:84158175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.153.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295074/; classtype:trojan-activity;sid:84158174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.80.0.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295073/; classtype:trojan-activity;sid:84158173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.59.154.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295072/; classtype:trojan-activity;sid:84158172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.246.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295071/; classtype:trojan-activity;sid:84158171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.252.219.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295070/; classtype:trojan-activity;sid:84158170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.137.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295069/; classtype:trojan-activity;sid:84158169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.163.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295068/; classtype:trojan-activity;sid:84158168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.141.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295067/; classtype:trojan-activity;sid:84158167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.241.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295066/; classtype:trojan-activity;sid:84158166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295065)"; flow:established,from_client; content:"GET"; http_method; content:"/aieurghnb/mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.216.18.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295065/; classtype:trojan-activity;sid:84158165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295064/; classtype:trojan-activity;sid:84158164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.217.188.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295061/; classtype:trojan-activity;sid:84158161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.218.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295062/; classtype:trojan-activity;sid:84158162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.6.200"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295063/; classtype:trojan-activity;sid:84158163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.65.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295060/; classtype:trojan-activity;sid:84158160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.89.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295059/; classtype:trojan-activity;sid:84158159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.171.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295058/; classtype:trojan-activity;sid:84158158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.9.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295057/; classtype:trojan-activity;sid:84158157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.139.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295055/; classtype:trojan-activity;sid:84158155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.134.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295056/; classtype:trojan-activity;sid:84158156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.109.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295053/; classtype:trojan-activity;sid:84158153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.137.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295054/; classtype:trojan-activity;sid:84158154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.67.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295052/; classtype:trojan-activity;sid:84158152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295051/; classtype:trojan-activity;sid:84158151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.164.178.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295050/; classtype:trojan-activity;sid:84158150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.9.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295049/; classtype:trojan-activity;sid:84158149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.237.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295048/; classtype:trojan-activity;sid:84158148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.109.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295047/; classtype:trojan-activity;sid:84158147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295046/; classtype:trojan-activity;sid:84158146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295045)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.15.11.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295045/; classtype:trojan-activity;sid:84158145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.237.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295044/; classtype:trojan-activity;sid:84158144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295043/; classtype:trojan-activity;sid:84158143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.115.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295042/; classtype:trojan-activity;sid:84158142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.98.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295041/; classtype:trojan-activity;sid:84158141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.27.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295039/; classtype:trojan-activity;sid:84158139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.139.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295040/; classtype:trojan-activity;sid:84158140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295038)"; flow:established,from_client; content:"GET"; http_method; content:"/files/lummac21.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295038/; classtype:trojan-activity;sid:84158138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.160.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295037/; classtype:trojan-activity;sid:84158137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.101.37.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295036/; classtype:trojan-activity;sid:84158136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.73.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295035/; classtype:trojan-activity;sid:84158135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.248.15.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295034/; classtype:trojan-activity;sid:84158134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.18.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295033/; classtype:trojan-activity;sid:84158133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.163.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295032/; classtype:trojan-activity;sid:84158132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.247.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295031/; classtype:trojan-activity;sid:84158131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295030)"; flow:established,from_client; content:"GET"; http_method; content:"/cam.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ready-bathroom-carter-membrane.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295030/; classtype:trojan-activity;sid:84158130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295029)"; flow:established,from_client; content:"GET"; http_method; content:"/bab.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ready-bathroom-carter-membrane.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295029/; classtype:trojan-activity;sid:84158129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.160.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295028/; classtype:trojan-activity;sid:84158128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.25.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295027/; classtype:trojan-activity;sid:84158127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.246.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295026/; classtype:trojan-activity;sid:84158126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.115.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295024/; classtype:trojan-activity;sid:84158124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.158.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295025/; classtype:trojan-activity;sid:84158125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295023/; classtype:trojan-activity;sid:84158123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295022/; classtype:trojan-activity;sid:84158122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.138.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295021/; classtype:trojan-activity;sid:84158121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.101.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295020/; classtype:trojan-activity;sid:84158120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.247.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295018/; classtype:trojan-activity;sid:84158118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.160.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295019/; classtype:trojan-activity;sid:84158119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.35.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295017/; classtype:trojan-activity;sid:84158117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295016/; classtype:trojan-activity;sid:84158116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.99.5.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295015/; classtype:trojan-activity;sid:84158115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.164.248.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295014/; classtype:trojan-activity;sid:84158114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.191.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295013/; classtype:trojan-activity;sid:84158113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.25.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295012/; classtype:trojan-activity;sid:84158112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295011)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/5q0yfui8952dbdk2bzxtk/rechnung-10923331-pdf.zip|3f|rlkey=cl9m35y963jw0ao7l41mmqmtd|7c|26|7c|st=jeg6hbwe|7c|26|7c|dl=0"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295011/; classtype:trojan-activity;sid:84158111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295008)"; flow:established,from_client; content:"GET"; http_method; content:"/tat.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ni-olympic-forests-invoice.trycloudflare.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295008/; classtype:trojan-activity;sid:84158108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295009)"; flow:established,from_client; content:"GET"; http_method; content:"/voi.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ni-olympic-forests-invoice.trycloudflare.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295009/; classtype:trojan-activity;sid:84158109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295010)"; flow:established,from_client; content:"GET"; http_method; content:"/de/dkm-9067291.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ni-olympic-forests-invoice.trycloudflare.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295010/; classtype:trojan-activity;sid:84158110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.74.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295007/; classtype:trojan-activity;sid:84158107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.47.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295006/; classtype:trojan-activity;sid:84158106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.138.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295004/; classtype:trojan-activity;sid:84158104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.227.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295005/; classtype:trojan-activity;sid:84158105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.189.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295001/; classtype:trojan-activity;sid:84158101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.95.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295002/; classtype:trojan-activity;sid:84158102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.15.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295003/; classtype:trojan-activity;sid:84158103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.15.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294999/; classtype:trojan-activity;sid:84158099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.241.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295000/; classtype:trojan-activity;sid:84158100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.252.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294998/; classtype:trojan-activity;sid:84158098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294997)"; flow:established,from_client; content:"GET"; http_method; content:"/chomeset.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pub-62d5cdf3fcfb4f1a97de07d140c6faa6.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294997/; classtype:trojan-activity;sid:84158097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.252.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294996/; classtype:trojan-activity;sid:84158096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.124.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294995/; classtype:trojan-activity;sid:84158095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.80.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294994/; classtype:trojan-activity;sid:84158094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.81.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294993/; classtype:trojan-activity;sid:84158093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.59.154.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294992/; classtype:trojan-activity;sid:84158092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.83.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294991/; classtype:trojan-activity;sid:84158091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.97.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294990/; classtype:trojan-activity;sid:84158090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.74.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294989/; classtype:trojan-activity;sid:84158089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.57.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294988/; classtype:trojan-activity;sid:84158088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.84.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294987/; classtype:trojan-activity;sid:84158087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.186.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294986/; classtype:trojan-activity;sid:84158086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.47.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294984/; classtype:trojan-activity;sid:84158084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.95.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294985/; classtype:trojan-activity;sid:84158085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.167.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294983/; classtype:trojan-activity;sid:84158083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294982/; classtype:trojan-activity;sid:84158082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.137.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294981/; classtype:trojan-activity;sid:84158081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.80.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294980/; classtype:trojan-activity;sid:84158080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.249.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294979/; classtype:trojan-activity;sid:84158079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.46.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294978/; classtype:trojan-activity;sid:84158078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.186.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294977/; classtype:trojan-activity;sid:84158077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294976/; classtype:trojan-activity;sid:84158076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294975)"; flow:established,from_client; content:"GET"; http_method; content:"/adcha.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"german-multiple-reunion-foundation.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294975/; classtype:trojan-activity;sid:84158075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294974)"; flow:established,from_client; content:"GET"; http_method; content:"/fstp.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"german-multiple-reunion-foundation.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294974/; classtype:trojan-activity;sid:84158074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294973)"; flow:established,from_client; content:"GET"; http_method; content:"/wlcha.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"german-multiple-reunion-foundation.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294973/; classtype:trojan-activity;sid:84158073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294972)"; flow:established,from_client; content:"GET"; http_method; content:"/emes.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"german-multiple-reunion-foundation.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294972/; classtype:trojan-activity;sid:84158072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294971)"; flow:established,from_client; content:"GET"; http_method; content:"/galeria.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"german-multiple-reunion-foundation.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294971/; classtype:trojan-activity;sid:84158071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294969)"; flow:established,from_client; content:"GET"; http_method; content:"/lietz/rechnung_966470_100_20240_pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"german-multiple-reunion-foundation.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294969/; classtype:trojan-activity;sid:84158069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294970)"; flow:established,from_client; content:"GET"; http_method; content:"/tardiff/inv.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"german-multiple-reunion-foundation.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294970/; classtype:trojan-activity;sid:84158070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294968)"; flow:established,from_client; content:"GET"; http_method; content:"/attn.vbs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"german-multiple-reunion-foundation.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294968/; classtype:trojan-activity;sid:84158068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.210.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294967/; classtype:trojan-activity;sid:84158067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.101.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294966/; classtype:trojan-activity;sid:84158066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.167.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294964/; classtype:trojan-activity;sid:84158064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.84.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294965/; classtype:trojan-activity;sid:84158065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.24.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294963/; classtype:trojan-activity;sid:84158063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294962)"; flow:established,from_client; content:"GET"; http_method; content:"/hghbhjknj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ump911.b-cdn.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294962/; classtype:trojan-activity;sid:84158062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.18.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294961/; classtype:trojan-activity;sid:84158061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.215.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294960/; classtype:trojan-activity;sid:84158060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.46.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294959/; classtype:trojan-activity;sid:84158059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.213.69.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294958/; classtype:trojan-activity;sid:84158058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294957)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.13.89.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294957/; classtype:trojan-activity;sid:84158057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.70.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294956/; classtype:trojan-activity;sid:84158056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.101.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294955/; classtype:trojan-activity;sid:84158055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.18.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294954/; classtype:trojan-activity;sid:84158054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.35.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294953/; classtype:trojan-activity;sid:84158053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.228.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294952/; classtype:trojan-activity;sid:84158052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294950)"; flow:established,from_client; content:"GET"; http_method; content:"/.puscarie/.msq.tar"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"66.63.187.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294950/; classtype:trojan-activity;sid:84158050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294951)"; flow:established,from_client; content:"GET"; http_method; content:"/.puscarie/.msq.tar"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"xkobeimparatu.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294951/; classtype:trojan-activity;sid:84158051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.24.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294949/; classtype:trojan-activity;sid:84158049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.245.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294948/; classtype:trojan-activity;sid:84158048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.18.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294947/; classtype:trojan-activity;sid:84158047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294946)"; flow:established,from_client; content:"GET"; http_method; content:"/iwir64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294946/; classtype:trojan-activity;sid:84158046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.36.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294945/; classtype:trojan-activity;sid:84158045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.70.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294944/; classtype:trojan-activity;sid:84158044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.177.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294942/; classtype:trojan-activity;sid:84158042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.228.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294943/; classtype:trojan-activity;sid:84158043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294941/; classtype:trojan-activity;sid:84158041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.76.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294940/; classtype:trojan-activity;sid:84158040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.144.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294939/; classtype:trojan-activity;sid:84158039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.224.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294938/; classtype:trojan-activity;sid:84158038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.132.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294937/; classtype:trojan-activity;sid:84158037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.91.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294936/; classtype:trojan-activity;sid:84158036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.77.68.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294935/; classtype:trojan-activity;sid:84158035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.123.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294934/; classtype:trojan-activity;sid:84158034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.226.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294933/; classtype:trojan-activity;sid:84158033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.130.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294932/; classtype:trojan-activity;sid:84158032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.236.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294931/; classtype:trojan-activity;sid:84158031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.31.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294930/; classtype:trojan-activity;sid:84158030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.181.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294929/; classtype:trojan-activity;sid:84158029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.144.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294928/; classtype:trojan-activity;sid:84158028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.241.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294927/; classtype:trojan-activity;sid:84158027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.195.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294926/; classtype:trojan-activity;sid:84158026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.205.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294925/; classtype:trojan-activity;sid:84158025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.164.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294924/; classtype:trojan-activity;sid:84158024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.123.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294923/; classtype:trojan-activity;sid:84158023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.141.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294922/; classtype:trojan-activity;sid:84158022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"206.0.180.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294921/; classtype:trojan-activity;sid:84158021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.78.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294920/; classtype:trojan-activity;sid:84158020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294919)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.247.184.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294919/; classtype:trojan-activity;sid:84158019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.255.202.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294918/; classtype:trojan-activity;sid:84158018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.245.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294917/; classtype:trojan-activity;sid:84158017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.141.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294916/; classtype:trojan-activity;sid:84158016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294915)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow2.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294915/; classtype:trojan-activity;sid:84158015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294914)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294914/; classtype:trojan-activity;sid:84158014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294913)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294913/; classtype:trojan-activity;sid:84158013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294912)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshowa.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294912/; classtype:trojan-activity;sid:84158012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.125.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294911/; classtype:trojan-activity;sid:84158011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.55.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294910/; classtype:trojan-activity;sid:84158010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.226.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294909/; classtype:trojan-activity;sid:84158009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.82.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294908/; classtype:trojan-activity;sid:84158008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.245.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294907/; classtype:trojan-activity;sid:84158007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294906)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.218.114.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294906/; classtype:trojan-activity;sid:84158006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.7.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294905/; classtype:trojan-activity;sid:84158005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.101.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294904/; classtype:trojan-activity;sid:84158004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.178.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294903/; classtype:trojan-activity;sid:84158003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.158.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294902/; classtype:trojan-activity;sid:84158002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.255.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294901/; classtype:trojan-activity;sid:84158001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.78.11.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294900/; classtype:trojan-activity;sid:84158000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.160.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294899/; classtype:trojan-activity;sid:84157999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.164.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294898/; classtype:trojan-activity;sid:84157998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.9.31"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294897/; classtype:trojan-activity;sid:84157997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.183.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294896/; classtype:trojan-activity;sid:84157996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294895/; classtype:trojan-activity;sid:84157995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.246.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294894/; classtype:trojan-activity;sid:84157994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.161.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294893/; classtype:trojan-activity;sid:84157993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.178.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294892/; classtype:trojan-activity;sid:84157992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.114.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294891/; classtype:trojan-activity;sid:84157991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.7.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294890/; classtype:trojan-activity;sid:84157990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.157.145.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294889/; classtype:trojan-activity;sid:84157989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.139.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294888/; classtype:trojan-activity;sid:84157988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294887)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/eky5rp2utq8tof1094oi2/oficio-391-notificaci-n-electr-nica-cendo-rama-radicado-153153135-000-6562.tar.uue.tar.001|3f|rlkey=dil8h7h6ffwlvt15lrrnurg70|7c|26|7c|st=z29gqnxh|7c|26|7c|dl=0"; http_uri; depth:190; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294887/; classtype:trojan-activity;sid:84157987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294886)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/2o0u3qw8zexi62g35iq4n/2notificaci-n-electr-nica-esm-agradecemos-confirmar-recibido-anexamos-documentos-inmportantes.tar.uue.tar.001|3f|rlkey=6pq4a7hhf98h7xy28rkq9uqwe|7c|26|7c|st=a3pqgh99|7c|26|7c|dl=0"; http_uri; depth:209; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294886/; classtype:trojan-activity;sid:84157986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294885)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/t92cp2l9m4nmvlc2bjhwt/3notificaci-n-electr-nica-cendo-rama-judicial-del-poder-p-blico-esm-confirmar-recibido.tar.cab.tar.001|3f|rlkey=1g9fmco6l3uodeos1eois744j|7c|26|7c|st=cxw7qif9|7c|26|7c|dl=0"; http_uri; depth:202; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294885/; classtype:trojan-activity;sid:84157985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294882)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/259mxho3dnhaw3wxodo4d/3notificaci-n-electr-nica-judicial-auto-admisorio-demanda-laboral.tar.uue.tar.001|3f|rlkey=565r566vsgouhelnngcvb9gm0|7c|26|7c|st=pavbqg0o|7c|26|7c|dl=0"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294882/; classtype:trojan-activity;sid:84157982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294883)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/s0y5qg6l0vkd7m23drmqg/2notificaci-n-electr-nica-judicial-auto-admisorio-demanda-laboral.tar.uue.tar.001|3f|rlkey=tgkpr9bxgtbqhcfril01rtq4o|7c|26|7c|st=0wmyh1qy|7c|26|7c|dl=0"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294883/; classtype:trojan-activity;sid:84157983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294884)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/1b3qdpnqx1ho46tgb7h7u/2oficio-nro-192-notificaci-n-judicial-auto-admisorio-demanda-laboral-esm.tar.uue.tar.001|3f|rlkey=kv7tv4v03hjp1cwycaiagq3fh|7c|26|7c|st=lmaolu0a|7c|26|7c|dl=0"; http_uri; depth:188; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294884/; classtype:trojan-activity;sid:84157984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294881)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/qdceo4hlwma3qipt1zb0x/4oficio-nro-192-notificaci-n-judicial-auto-admisorio-demanda-laboral-esm.tar.uue.tar.001|3f|rlkey=cyher2xyvds8baps52pr0i52q|7c|26|7c|st=az6vnzwy|7c|26|7c|dl=0"; http_uri; depth:188; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294881/; classtype:trojan-activity;sid:84157981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294880)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/e7vtebfe2qdfbjt87nvhu/oficio-de-notificaci-n-ejectr-nica-cendo-rama-judicial-de-la-rep-blica-de-colombia.tar.cab.tar.001|3f|rlkey=54p6fzmx3c1eovd1btwzy0re4|7c|26|7c|st=npm5oi4l|7c|26|7c|dl=0"; http_uri; depth:198; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294880/; classtype:trojan-activity;sid:84157980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294879)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/4qoef01jqan8sczprj79o/1oficio-de-notificaci-n-ejectr-nica-cendo-rama-judicial-de-la-rep-blica-de-colombia.tar.cab.tar.001|3f|rlkey=8px38d88qrq4ssw54132v5ke2|7c|26|7c|st=gg5nhz4s|7c|26|7c|dl=0"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294879/; classtype:trojan-activity;sid:84157979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.158.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294878/; classtype:trojan-activity;sid:84157978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.133.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294877/; classtype:trojan-activity;sid:84157977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.83.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294876/; classtype:trojan-activity;sid:84157976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.73.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294875/; classtype:trojan-activity;sid:84157975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.60.106.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294874/; classtype:trojan-activity;sid:84157974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.81.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294873/; classtype:trojan-activity;sid:84157973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.39.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294872/; classtype:trojan-activity;sid:84157972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.202.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294871/; classtype:trojan-activity;sid:84157971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.76.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294869/; classtype:trojan-activity;sid:84157969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.246.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294870/; classtype:trojan-activity;sid:84157970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.161.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294868/; classtype:trojan-activity;sid:84157968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.234.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294867/; classtype:trojan-activity;sid:84157967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.103.151.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294866/; classtype:trojan-activity;sid:84157966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.67.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294865/; classtype:trojan-activity;sid:84157965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.50.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294864/; classtype:trojan-activity;sid:84157964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.218.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294863/; classtype:trojan-activity;sid:84157963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.66.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294862/; classtype:trojan-activity;sid:84157962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.255.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294861/; classtype:trojan-activity;sid:84157961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.133.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294860/; classtype:trojan-activity;sid:84157960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.143.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294859/; classtype:trojan-activity;sid:84157959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.62.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294858/; classtype:trojan-activity;sid:84157958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.204.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294857/; classtype:trojan-activity;sid:84157957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.92.132.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294856/; classtype:trojan-activity;sid:84157956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.194.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294855/; classtype:trojan-activity;sid:84157955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.105.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294854/; classtype:trojan-activity;sid:84157954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294853)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.69.115.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294853/; classtype:trojan-activity;sid:84157953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.85.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294852/; classtype:trojan-activity;sid:84157952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.29.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294851/; classtype:trojan-activity;sid:84157951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.85.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294850/; classtype:trojan-activity;sid:84157950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.82.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294849/; classtype:trojan-activity;sid:84157949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.76.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294848/; classtype:trojan-activity;sid:84157948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.198.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294847/; classtype:trojan-activity;sid:84157947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.156.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294846/; classtype:trojan-activity;sid:84157946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.0.170"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294844/; classtype:trojan-activity;sid:84157944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.221.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294845/; classtype:trojan-activity;sid:84157945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294843/; classtype:trojan-activity;sid:84157943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.186.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294841/; classtype:trojan-activity;sid:84157941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.7.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294842/; classtype:trojan-activity;sid:84157942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.83.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294840/; classtype:trojan-activity;sid:84157940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.130.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294839/; classtype:trojan-activity;sid:84157939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.83.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294836/; classtype:trojan-activity;sid:84157936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.1.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294837/; classtype:trojan-activity;sid:84157937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294838)"; flow:established,from_client; content:"GET"; http_method; content:"/12.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.53.181.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294838/; classtype:trojan-activity;sid:84157938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.188.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294835/; classtype:trojan-activity;sid:84157935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.22.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294833/; classtype:trojan-activity;sid:84157933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.92.132.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294834/; classtype:trojan-activity;sid:84157934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.248.15.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294832/; classtype:trojan-activity;sid:84157932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294831/; classtype:trojan-activity;sid:84157931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.148.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294830/; classtype:trojan-activity;sid:84157930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.141.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294829/; classtype:trojan-activity;sid:84157929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.124.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294828/; classtype:trojan-activity;sid:84157928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.139.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294827/; classtype:trojan-activity;sid:84157927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.11.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294826/; classtype:trojan-activity;sid:84157926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.83.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294825/; classtype:trojan-activity;sid:84157925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.199.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294824/; classtype:trojan-activity;sid:84157924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.234.160.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294823/; classtype:trojan-activity;sid:84157923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.130.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294822/; classtype:trojan-activity;sid:84157922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.22.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294821/; classtype:trojan-activity;sid:84157921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.15.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294820/; classtype:trojan-activity;sid:84157920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.115.170.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294819/; classtype:trojan-activity;sid:84157919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294817)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"165.227.173.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294817/; classtype:trojan-activity;sid:84157917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294818)"; flow:established,from_client; content:"GET"; http_method; content:"/discovery2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.227.173.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294818/; classtype:trojan-activity;sid:84157918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.98.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294815/; classtype:trojan-activity;sid:84157915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.112.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294816/; classtype:trojan-activity;sid:84157916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294811)"; flow:established,from_client; content:"GET"; http_method; content:"/output.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"165.227.173.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294811/; classtype:trojan-activity;sid:84157911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294812)"; flow:established,from_client; content:"GET"; http_method; content:"/output2.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"165.227.173.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294812/; classtype:trojan-activity;sid:84157912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294813)"; flow:established,from_client; content:"GET"; http_method; content:"/output3.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"165.227.173.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294813/; classtype:trojan-activity;sid:84157913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294814)"; flow:established,from_client; content:"GET"; http_method; content:"/output4.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"165.227.173.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294814/; classtype:trojan-activity;sid:84157914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294810)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"27.102.130.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294810/; classtype:trojan-activity;sid:84157910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294809)"; flow:established,from_client; content:"GET"; http_method; content:"/configureregistrysettings.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.247.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294809/; classtype:trojan-activity;sid:84157909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.183.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294808/; classtype:trojan-activity;sid:84157908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294807)"; flow:established,from_client; content:"GET"; http_method; content:"/6gbkj5.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294807/; classtype:trojan-activity;sid:84157907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294806)"; flow:established,from_client; content:"GET"; http_method; content:"/8139.ps1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.102.130.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294806/; classtype:trojan-activity;sid:84157906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.139.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294805/; classtype:trojan-activity;sid:84157905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.139.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294804/; classtype:trojan-activity;sid:84157904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.242.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294803/; classtype:trojan-activity;sid:84157903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.234.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294802/; classtype:trojan-activity;sid:84157902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.206.159.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294801/; classtype:trojan-activity;sid:84157901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.42.243.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294799/; classtype:trojan-activity;sid:84157899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.230.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294800/; classtype:trojan-activity;sid:84157900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.50.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294798/; classtype:trojan-activity;sid:84157898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.41.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294797/; classtype:trojan-activity;sid:84157897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294796/; classtype:trojan-activity;sid:84157896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.98.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294795/; classtype:trojan-activity;sid:84157895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.82.226.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294794/; classtype:trojan-activity;sid:84157894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.64.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294793/; classtype:trojan-activity;sid:84157893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.133.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294792/; classtype:trojan-activity;sid:84157892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.195.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294791/; classtype:trojan-activity;sid:84157891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.139.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294790/; classtype:trojan-activity;sid:84157890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.31.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294789/; classtype:trojan-activity;sid:84157889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.170.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294788/; classtype:trojan-activity;sid:84157888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.176.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294787/; classtype:trojan-activity;sid:84157887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294786)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.11.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294786/; classtype:trojan-activity;sid:84157886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.39.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294785/; classtype:trojan-activity;sid:84157885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.225.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294783/; classtype:trojan-activity;sid:84157883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.215.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294784/; classtype:trojan-activity;sid:84157884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.34.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294782/; classtype:trojan-activity;sid:84157882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.1.100"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294781/; classtype:trojan-activity;sid:84157881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.42.44.94"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294780/; classtype:trojan-activity;sid:84157880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.122.255.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294778/; classtype:trojan-activity;sid:84157878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.88.147.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294779/; classtype:trojan-activity;sid:84157879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.122.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294776/; classtype:trojan-activity;sid:84157876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.175.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294777/; classtype:trojan-activity;sid:84157877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.215.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294775/; classtype:trojan-activity;sid:84157875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.242.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294774/; classtype:trojan-activity;sid:84157874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.227.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294773/; classtype:trojan-activity;sid:84157873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.11.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294772/; classtype:trojan-activity;sid:84157872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.4.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294771/; classtype:trojan-activity;sid:84157871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.34.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294770/; classtype:trojan-activity;sid:84157870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.226.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294769/; classtype:trojan-activity;sid:84157869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.225.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294768/; classtype:trojan-activity;sid:84157868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294767)"; flow:established,from_client; content:"GET"; http_method; content:"/bose1511/mkt1511/-/raw/main/16fukrun.zip|3f|ref_type=heads|7c|26|7c|inline=false"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294767/; classtype:trojan-activity;sid:84157867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294765)"; flow:established,from_client; content:"GET"; http_method; content:"/bose1511/mkt1511/-/raw/main/17fukrun.zip|3f|ref_type=heads|7c|26|7c|inline=false"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294765/; classtype:trojan-activity;sid:84157865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294764)"; flow:established,from_client; content:"GET"; http_method; content:"/bose1511/mkt1511/-/raw/main/18fukrun.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294764/; classtype:trojan-activity;sid:84157864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294762)"; flow:established,from_client; content:"GET"; http_method; content:"/ptt2k5/ltl203/blob/main/update3.bat"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294762/; classtype:trojan-activity;sid:84157862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294763)"; flow:established,from_client; content:"GET"; http_method; content:"/bose1511/mkt1511/-/raw/main/17_advertising_campaign_and_collaboration.docx"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294763/; classtype:trojan-activity;sid:84157863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294753)"; flow:established,from_client; content:"GET"; http_method; content:"/bose1511/mkt1511/-/raw/main/18cut04.bat"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294753/; classtype:trojan-activity;sid:84157853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294754)"; flow:established,from_client; content:"GET"; http_method; content:"/bose1511/mkt1511/-/raw/main/bose18mkt.bat"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294754/; classtype:trojan-activity;sid:84157854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294755)"; flow:established,from_client; content:"GET"; http_method; content:"/bose1511/mkt1511/-/raw/main/hnbose1711.bat"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294755/; classtype:trojan-activity;sid:84157855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294756)"; flow:established,from_client; content:"GET"; http_method; content:"/bose1511/mkt1511/-/raw/main/scut18bo03.bat"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294756/; classtype:trojan-activity;sid:84157856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294757)"; flow:established,from_client; content:"GET"; http_method; content:"/bose1511/mkt1511/-/raw/main/bose2scut18.bat"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294757/; classtype:trojan-activity;sid:84157857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294758)"; flow:established,from_client; content:"GET"; http_method; content:"/ptt2k5/ltl203/blob/main/update2.bat"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294758/; classtype:trojan-activity;sid:84157858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294759)"; flow:established,from_client; content:"GET"; http_method; content:"/bose1511/mkt1511/-/raw/main/bose1511mkt.bat"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294759/; classtype:trojan-activity;sid:84157859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294760)"; flow:established,from_client; content:"GET"; http_method; content:"/ptt2k5/ltl203/blob/main/document88.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294760/; classtype:trojan-activity;sid:84157860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294761)"; flow:established,from_client; content:"GET"; http_method; content:"/ptt2k5/ltl203/blob/main/document83.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294761/; classtype:trojan-activity;sid:84157861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.1.100"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294752/; classtype:trojan-activity;sid:84157852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.78.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294751/; classtype:trojan-activity;sid:84157851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.174.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294750/; classtype:trojan-activity;sid:84157850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.249.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294748/; classtype:trojan-activity;sid:84157848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.33.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294749/; classtype:trojan-activity;sid:84157849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.176.101.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294747/; classtype:trojan-activity;sid:84157847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294746/; classtype:trojan-activity;sid:84157846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294745/; classtype:trojan-activity;sid:84157845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.79.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294744/; classtype:trojan-activity;sid:84157844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.3.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294743/; classtype:trojan-activity;sid:84157843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.188.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294742/; classtype:trojan-activity;sid:84157842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.68.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294741/; classtype:trojan-activity;sid:84157841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294740/; classtype:trojan-activity;sid:84157840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.109.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294739/; classtype:trojan-activity;sid:84157839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.78.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294738/; classtype:trojan-activity;sid:84157838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294737/; classtype:trojan-activity;sid:84157837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.203.68.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294736/; classtype:trojan-activity;sid:84157836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.33.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294735/; classtype:trojan-activity;sid:84157835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.68.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294734/; classtype:trojan-activity;sid:84157834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.191.13.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294733/; classtype:trojan-activity;sid:84157833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.77.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294732/; classtype:trojan-activity;sid:84157832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.2.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294731/; classtype:trojan-activity;sid:84157831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294730/; classtype:trojan-activity;sid:84157830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.175.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294729/; classtype:trojan-activity;sid:84157829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294728/; classtype:trojan-activity;sid:84157828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.114.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294726/; classtype:trojan-activity;sid:84157826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294727)"; flow:established,from_client; content:"GET"; http_method; content:"/data-package/a2vhdpja/download"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"filetransfer.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294727/; classtype:trojan-activity;sid:84157827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.177.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294725/; classtype:trojan-activity;sid:84157825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294723)"; flow:established,from_client; content:"GET"; http_method; content:"/link/process/solpen.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"storageinstance.oss-ap-southeast-1.aliyuncs.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294723/; classtype:trojan-activity;sid:84157823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294724)"; flow:established,from_client; content:"GET"; http_method; content:"/link/process/pennicle.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"storageinstance.oss-ap-southeast-1.aliyuncs.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294724/; classtype:trojan-activity;sid:84157824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.79.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294722/; classtype:trojan-activity;sid:84157822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.134.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294721/; classtype:trojan-activity;sid:84157821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.154.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294720/; classtype:trojan-activity;sid:84157820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294719/; classtype:trojan-activity;sid:84157819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.45.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294718/; classtype:trojan-activity;sid:84157818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.163.81.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294717/; classtype:trojan-activity;sid:84157817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.57.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294716/; classtype:trojan-activity;sid:84157816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.2.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294715/; classtype:trojan-activity;sid:84157815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.178.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294713/; classtype:trojan-activity;sid:84157813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.196.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294714/; classtype:trojan-activity;sid:84157814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.99.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294712/; classtype:trojan-activity;sid:84157812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.136.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294711/; classtype:trojan-activity;sid:84157811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.81.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294710/; classtype:trojan-activity;sid:84157810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294709/; classtype:trojan-activity;sid:84157809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.6.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294708/; classtype:trojan-activity;sid:84157808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.163.25.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294707/; classtype:trojan-activity;sid:84157807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294706/; classtype:trojan-activity;sid:84157806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.24.171"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294704/; classtype:trojan-activity;sid:84157804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294705/; classtype:trojan-activity;sid:84157805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294703/; classtype:trojan-activity;sid:84157803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.177.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294702/; classtype:trojan-activity;sid:84157802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.158.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294701/; classtype:trojan-activity;sid:84157801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.154.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294700/; classtype:trojan-activity;sid:84157800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.185.157.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294699/; classtype:trojan-activity;sid:84157799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.21.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294698/; classtype:trojan-activity;sid:84157798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.110.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294697/; classtype:trojan-activity;sid:84157797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.255.133.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294696/; classtype:trojan-activity;sid:84157796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.28.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294695/; classtype:trojan-activity;sid:84157795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.6.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294694/; classtype:trojan-activity;sid:84157794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.52.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294693/; classtype:trojan-activity;sid:84157793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.36.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294692/; classtype:trojan-activity;sid:84157792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294691/; classtype:trojan-activity;sid:84157791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.11.56.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294690/; classtype:trojan-activity;sid:84157790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.111.117.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294689/; classtype:trojan-activity;sid:84157789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.65.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294688/; classtype:trojan-activity;sid:84157788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.183.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294687/; classtype:trojan-activity;sid:84157787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.60.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294686/; classtype:trojan-activity;sid:84157786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.173.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294685/; classtype:trojan-activity;sid:84157785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294684/; classtype:trojan-activity;sid:84157784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.110.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294683/; classtype:trojan-activity;sid:84157783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.7.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294682/; classtype:trojan-activity;sid:84157782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294681/; classtype:trojan-activity;sid:84157781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.188.16.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294680/; classtype:trojan-activity;sid:84157780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.116.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294679/; classtype:trojan-activity;sid:84157779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294678/; classtype:trojan-activity;sid:84157778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294677/; classtype:trojan-activity;sid:84157777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.157.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294675/; classtype:trojan-activity;sid:84157775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.120.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294676/; classtype:trojan-activity;sid:84157776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.137.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294674/; classtype:trojan-activity;sid:84157774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294673/; classtype:trojan-activity;sid:84157773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.109.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294672/; classtype:trojan-activity;sid:84157772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.244.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294671/; classtype:trojan-activity;sid:84157771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.188.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294670/; classtype:trojan-activity;sid:84157770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.100.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294669/; classtype:trojan-activity;sid:84157769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.107.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294668/; classtype:trojan-activity;sid:84157768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.172.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294667/; classtype:trojan-activity;sid:84157767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.191.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294666/; classtype:trojan-activity;sid:84157766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.247.143.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294665/; classtype:trojan-activity;sid:84157765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.188.16.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294664/; classtype:trojan-activity;sid:84157764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.66.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294663/; classtype:trojan-activity;sid:84157763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.10.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294662/; classtype:trojan-activity;sid:84157762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.59.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294661/; classtype:trojan-activity;sid:84157761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.250.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294660/; classtype:trojan-activity;sid:84157760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.213.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294659/; classtype:trojan-activity;sid:84157759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.90.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294658/; classtype:trojan-activity;sid:84157758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.124.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294657/; classtype:trojan-activity;sid:84157757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294656/; classtype:trojan-activity;sid:84157756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.156.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294655/; classtype:trojan-activity;sid:84157755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.109.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294654/; classtype:trojan-activity;sid:84157754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.39.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294653/; classtype:trojan-activity;sid:84157753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.244.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294652/; classtype:trojan-activity;sid:84157752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.20.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294651/; classtype:trojan-activity;sid:84157751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294650/; classtype:trojan-activity;sid:84157750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.74.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294649/; classtype:trojan-activity;sid:84157749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.198.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294647/; classtype:trojan-activity;sid:84157747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294648)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.183.16.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294648/; classtype:trojan-activity;sid:84157748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.92.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294646/; classtype:trojan-activity;sid:84157746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.55.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294645/; classtype:trojan-activity;sid:84157745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.64.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294644/; classtype:trojan-activity;sid:84157744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.90.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294643/; classtype:trojan-activity;sid:84157743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.183.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294642/; classtype:trojan-activity;sid:84157742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.118.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294641/; classtype:trojan-activity;sid:84157741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.59.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294640/; classtype:trojan-activity;sid:84157740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.124.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294639/; classtype:trojan-activity;sid:84157739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.216.30.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294637/; classtype:trojan-activity;sid:84157737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.196.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294638/; classtype:trojan-activity;sid:84157738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.78.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294636/; classtype:trojan-activity;sid:84157736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.74.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294635/; classtype:trojan-activity;sid:84157735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.108.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294634/; classtype:trojan-activity;sid:84157734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.138.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294633/; classtype:trojan-activity;sid:84157733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.8.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294631/; classtype:trojan-activity;sid:84157731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.176.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294632/; classtype:trojan-activity;sid:84157732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.216.30.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294630/; classtype:trojan-activity;sid:84157730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.224.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294629/; classtype:trojan-activity;sid:84157729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.8.109.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294628/; classtype:trojan-activity;sid:84157728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.170.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294627/; classtype:trojan-activity;sid:84157727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.140.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294626/; classtype:trojan-activity;sid:84157726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294625)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.11.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294625/; classtype:trojan-activity;sid:84157725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.92.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294624/; classtype:trojan-activity;sid:84157724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.251.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294623/; classtype:trojan-activity;sid:84157723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.118.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294622/; classtype:trojan-activity;sid:84157722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294621/; classtype:trojan-activity;sid:84157721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294620)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.227.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294620/; classtype:trojan-activity;sid:84157720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294619)"; flow:established,from_client; content:"GET"; http_method; content:"/noureddine-nt9/rgsdr/raw/refs/heads/main/cheet.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294619/; classtype:trojan-activity;sid:84157719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.240.9.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294618/; classtype:trojan-activity;sid:84157718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.78.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294617/; classtype:trojan-activity;sid:84157717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.140.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294616/; classtype:trojan-activity;sid:84157716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.251.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294615/; classtype:trojan-activity;sid:84157715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.251.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294614/; classtype:trojan-activity;sid:84157714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.218.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294613/; classtype:trojan-activity;sid:84157713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.191.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294612/; classtype:trojan-activity;sid:84157712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.208.191.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294611/; classtype:trojan-activity;sid:84157711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.71.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294610/; classtype:trojan-activity;sid:84157710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.128.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294609/; classtype:trojan-activity;sid:84157709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.116.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294608/; classtype:trojan-activity;sid:84157708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.176.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294607/; classtype:trojan-activity;sid:84157707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294606/; classtype:trojan-activity;sid:84157706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.9.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294605/; classtype:trojan-activity;sid:84157705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.196.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294604/; classtype:trojan-activity;sid:84157704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.8.109.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294603/; classtype:trojan-activity;sid:84157703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.110.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294602/; classtype:trojan-activity;sid:84157702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.187.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294601/; classtype:trojan-activity;sid:84157701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294600/; classtype:trojan-activity;sid:84157700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.161.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294599/; classtype:trojan-activity;sid:84157699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.218.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294598/; classtype:trojan-activity;sid:84157698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.83.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294597/; classtype:trojan-activity;sid:84157697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.140.194.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294596/; classtype:trojan-activity;sid:84157696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.237.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294595/; classtype:trojan-activity;sid:84157695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.198.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294593/; classtype:trojan-activity;sid:84157693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.232.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294594/; classtype:trojan-activity;sid:84157694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.26.81.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294592/; classtype:trojan-activity;sid:84157692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.213.69.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294591/; classtype:trojan-activity;sid:84157691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.22.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294590/; classtype:trojan-activity;sid:84157690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.189.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294589/; classtype:trojan-activity;sid:84157689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.108.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294586/; classtype:trojan-activity;sid:84157686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.187.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294587/; classtype:trojan-activity;sid:84157687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.196.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294588/; classtype:trojan-activity;sid:84157688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.194.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294585/; classtype:trojan-activity;sid:84157685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294584/; classtype:trojan-activity;sid:84157684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.128.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294583/; classtype:trojan-activity;sid:84157683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.182.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294582/; classtype:trojan-activity;sid:84157682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.96.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294581/; classtype:trojan-activity;sid:84157681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.211.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294579/; classtype:trojan-activity;sid:84157679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.189.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294580/; classtype:trojan-activity;sid:84157680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.199.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294578/; classtype:trojan-activity;sid:84157678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.103.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294577/; classtype:trojan-activity;sid:84157677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.96.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294576/; classtype:trojan-activity;sid:84157676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.50.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294575/; classtype:trojan-activity;sid:84157675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.186.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294574/; classtype:trojan-activity;sid:84157674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.74.13.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294572/; classtype:trojan-activity;sid:84157672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.166.210.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294573/; classtype:trojan-activity;sid:84157673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.157.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294571/; classtype:trojan-activity;sid:84157671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.28.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294570/; classtype:trojan-activity;sid:84157670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.82.226.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294569/; classtype:trojan-activity;sid:84157669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.128.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294568/; classtype:trojan-activity;sid:84157668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.109.147.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294567/; classtype:trojan-activity;sid:84157667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294566/; classtype:trojan-activity;sid:84157666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.176.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294565/; classtype:trojan-activity;sid:84157665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294564)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mbw.events.socalpocis.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294564/; classtype:trojan-activity;sid:84157664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294562/; classtype:trojan-activity;sid:84157662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.182.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294563/; classtype:trojan-activity;sid:84157663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.161.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294561/; classtype:trojan-activity;sid:84157661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.141.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294560/; classtype:trojan-activity;sid:84157660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.109.147.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294559/; classtype:trojan-activity;sid:84157659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294558/; classtype:trojan-activity;sid:84157658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.186.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294557/; classtype:trojan-activity;sid:84157657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.10.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294556/; classtype:trojan-activity;sid:84157656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.87.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294555/; classtype:trojan-activity;sid:84157655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.50.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294554/; classtype:trojan-activity;sid:84157654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294553/; classtype:trojan-activity;sid:84157653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.232.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294552/; classtype:trojan-activity;sid:84157652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.254.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294551/; classtype:trojan-activity;sid:84157651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.149.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294550/; classtype:trojan-activity;sid:84157650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.2.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294549/; classtype:trojan-activity;sid:84157649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.92.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294548/; classtype:trojan-activity;sid:84157648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.18.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294547/; classtype:trojan-activity;sid:84157647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.123.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294546/; classtype:trojan-activity;sid:84157646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.161.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294545/; classtype:trojan-activity;sid:84157645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.228.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294544/; classtype:trojan-activity;sid:84157644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.211.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294543/; classtype:trojan-activity;sid:84157643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294542/; classtype:trojan-activity;sid:84157642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294541/; classtype:trojan-activity;sid:84157641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.213.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294540/; classtype:trojan-activity;sid:84157640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.92.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294539/; classtype:trojan-activity;sid:84157639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.89.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294538/; classtype:trojan-activity;sid:84157638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.125.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294537/; classtype:trojan-activity;sid:84157637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294536)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.231.165.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294536/; classtype:trojan-activity;sid:84157636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.192.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294535/; classtype:trojan-activity;sid:84157635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.99.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294534/; classtype:trojan-activity;sid:84157634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.59.107.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294533/; classtype:trojan-activity;sid:84157633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.20.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294532/; classtype:trojan-activity;sid:84157632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294529/; classtype:trojan-activity;sid:84157629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.70.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294530/; classtype:trojan-activity;sid:84157630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.200.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294531/; classtype:trojan-activity;sid:84157631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.18.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294528/; classtype:trojan-activity;sid:84157628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.243.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294527/; classtype:trojan-activity;sid:84157627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.35.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294525/; classtype:trojan-activity;sid:84157625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294526)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"208.168.244.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294526/; classtype:trojan-activity;sid:84157626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.103.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294524/; classtype:trojan-activity;sid:84157624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.141.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294523/; classtype:trojan-activity;sid:84157623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.213.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294522/; classtype:trojan-activity;sid:84157622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294521/; classtype:trojan-activity;sid:84157621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.83.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294520/; classtype:trojan-activity;sid:84157620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.89.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294519/; classtype:trojan-activity;sid:84157619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.76.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294518/; classtype:trojan-activity;sid:84157618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.160.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294517/; classtype:trojan-activity;sid:84157617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.244.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294516/; classtype:trojan-activity;sid:84157616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.147.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294515/; classtype:trojan-activity;sid:84157615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.140.194.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294514/; classtype:trojan-activity;sid:84157614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.76.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294513/; classtype:trojan-activity;sid:84157613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.76.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294512/; classtype:trojan-activity;sid:84157612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294511/; classtype:trojan-activity;sid:84157611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294510/; classtype:trojan-activity;sid:84157610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.103.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294509/; classtype:trojan-activity;sid:84157609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.0.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294507/; classtype:trojan-activity;sid:84157607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.134.171.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294508/; classtype:trojan-activity;sid:84157608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.245.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294506/; classtype:trojan-activity;sid:84157606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.149.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294505/; classtype:trojan-activity;sid:84157605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.59.107.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294504/; classtype:trojan-activity;sid:84157604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.196.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294503/; classtype:trojan-activity;sid:84157603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.99.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294502/; classtype:trojan-activity;sid:84157602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.108.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294501/; classtype:trojan-activity;sid:84157601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.37.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294500/; classtype:trojan-activity;sid:84157600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.62.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294499/; classtype:trojan-activity;sid:84157599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.244.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294498/; classtype:trojan-activity;sid:84157598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.39.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294497/; classtype:trojan-activity;sid:84157597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.173.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294496/; classtype:trojan-activity;sid:84157596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294495/; classtype:trojan-activity;sid:84157595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.193.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294494/; classtype:trojan-activity;sid:84157594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.157.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294493/; classtype:trojan-activity;sid:84157593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.157.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294492/; classtype:trojan-activity;sid:84157592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.141.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294491/; classtype:trojan-activity;sid:84157591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.236.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294490/; classtype:trojan-activity;sid:84157590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.29.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294489/; classtype:trojan-activity;sid:84157589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294488/; classtype:trojan-activity;sid:84157588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.182.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294487/; classtype:trojan-activity;sid:84157587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.73.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294486/; classtype:trojan-activity;sid:84157586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.40.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294485/; classtype:trojan-activity;sid:84157585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.180.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294484/; classtype:trojan-activity;sid:84157584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.234.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294483/; classtype:trojan-activity;sid:84157583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.114.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294482/; classtype:trojan-activity;sid:84157582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.243.225.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294481/; classtype:trojan-activity;sid:84157581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294479)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cms.events.socalpocis.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294479/; classtype:trojan-activity;sid:84157579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294480)"; flow:established,from_client; content:"GET"; http_method; content:"/viewprofile"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"8cdf8.language.sebtomato.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294480/; classtype:trojan-activity;sid:84157580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.154.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294478/; classtype:trojan-activity;sid:84157578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.94.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294477/; classtype:trojan-activity;sid:84157577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.101.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294476/; classtype:trojan-activity;sid:84157576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.196.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294475/; classtype:trojan-activity;sid:84157575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.22.123.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294474/; classtype:trojan-activity;sid:84157574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.94.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294473/; classtype:trojan-activity;sid:84157573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.101.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294472/; classtype:trojan-activity;sid:84157572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.56.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294471/; classtype:trojan-activity;sid:84157571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.207.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294470/; classtype:trojan-activity;sid:84157570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294469)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.69.111.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294469/; classtype:trojan-activity;sid:84157569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294468/; classtype:trojan-activity;sid:84157568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.76.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294467/; classtype:trojan-activity;sid:84157567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.54.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294466/; classtype:trojan-activity;sid:84157566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.40.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294465/; classtype:trojan-activity;sid:84157565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.228.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294464/; classtype:trojan-activity;sid:84157564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.201.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294463/; classtype:trojan-activity;sid:84157563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.114.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294462/; classtype:trojan-activity;sid:84157562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.105.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294461/; classtype:trojan-activity;sid:84157561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.16.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294460/; classtype:trojan-activity;sid:84157560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.186.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294459/; classtype:trojan-activity;sid:84157559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.27.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294458/; classtype:trojan-activity;sid:84157558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294457/; classtype:trojan-activity;sid:84157557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.169.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294456/; classtype:trojan-activity;sid:84157556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.180.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294455/; classtype:trojan-activity;sid:84157555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294454/; classtype:trojan-activity;sid:84157554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.207.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294453/; classtype:trojan-activity;sid:84157553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.112.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294452/; classtype:trojan-activity;sid:84157552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.243.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294451/; classtype:trojan-activity;sid:84157551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.56.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294450/; classtype:trojan-activity;sid:84157550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.152.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294449/; classtype:trojan-activity;sid:84157549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.198.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294448/; classtype:trojan-activity;sid:84157548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.16.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294447/; classtype:trojan-activity;sid:84157547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.27.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294446/; classtype:trojan-activity;sid:84157546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.38.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294445/; classtype:trojan-activity;sid:84157545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.49.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294444/; classtype:trojan-activity;sid:84157544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.58.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294441/; classtype:trojan-activity;sid:84157541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.246.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294442/; classtype:trojan-activity;sid:84157542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.27.199.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294443/; classtype:trojan-activity;sid:84157543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.161.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294440/; classtype:trojan-activity;sid:84157540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.75.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294439/; classtype:trojan-activity;sid:84157539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.186.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294438/; classtype:trojan-activity;sid:84157538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.228.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294437/; classtype:trojan-activity;sid:84157537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.46.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294436/; classtype:trojan-activity;sid:84157536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.164.207.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294435/; classtype:trojan-activity;sid:84157535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.169.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294434/; classtype:trojan-activity;sid:84157534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.41.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294433/; classtype:trojan-activity;sid:84157533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.227.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294432/; classtype:trojan-activity;sid:84157532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.156.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294430/; classtype:trojan-activity;sid:84157530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.152.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294431/; classtype:trojan-activity;sid:84157531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.105.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294429/; classtype:trojan-activity;sid:84157529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.148.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294428/; classtype:trojan-activity;sid:84157528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.179.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294427/; classtype:trojan-activity;sid:84157527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.125.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294426/; classtype:trojan-activity;sid:84157526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.95.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294425/; classtype:trojan-activity;sid:84157525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.180.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294424/; classtype:trojan-activity;sid:84157524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.44.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294423/; classtype:trojan-activity;sid:84157523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.104.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294422/; classtype:trojan-activity;sid:84157522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.201.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294421/; classtype:trojan-activity;sid:84157521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.95.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294420/; classtype:trojan-activity;sid:84157520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.201.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294419/; classtype:trojan-activity;sid:84157519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.224.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294418/; classtype:trojan-activity;sid:84157518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.228.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294416/; classtype:trojan-activity;sid:84157516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.196.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294417/; classtype:trojan-activity;sid:84157517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.129.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294415/; classtype:trojan-activity;sid:84157515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.112.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294414/; classtype:trojan-activity;sid:84157514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.46.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294413/; classtype:trojan-activity;sid:84157513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.203.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294412/; classtype:trojan-activity;sid:84157512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.94.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294411/; classtype:trojan-activity;sid:84157511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.41.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294410/; classtype:trojan-activity;sid:84157510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.199.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294409/; classtype:trojan-activity;sid:84157509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.197.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294408/; classtype:trojan-activity;sid:84157508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294407/; classtype:trojan-activity;sid:84157507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294406/; classtype:trojan-activity;sid:84157506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.201.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294405/; classtype:trojan-activity;sid:84157505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.199.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294404/; classtype:trojan-activity;sid:84157504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.143.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294402/; classtype:trojan-activity;sid:84157502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.243.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294403/; classtype:trojan-activity;sid:84157503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.164.207.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294401/; classtype:trojan-activity;sid:84157501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.95.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294400/; classtype:trojan-activity;sid:84157500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.123.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294398/; classtype:trojan-activity;sid:84157498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.41.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294399/; classtype:trojan-activity;sid:84157499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294386)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"161.97.175.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294386/; classtype:trojan-activity;sid:84157486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294387)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"161.97.175.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294387/; classtype:trojan-activity;sid:84157487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294388)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"161.97.175.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294388/; classtype:trojan-activity;sid:84157488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294389)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"161.97.175.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294389/; classtype:trojan-activity;sid:84157489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294390)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"161.97.175.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294390/; classtype:trojan-activity;sid:84157490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294391)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"161.97.175.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294391/; classtype:trojan-activity;sid:84157491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294392)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"161.97.175.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294392/; classtype:trojan-activity;sid:84157492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294393)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"161.97.175.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294393/; classtype:trojan-activity;sid:84157493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294394)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"161.97.175.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294394/; classtype:trojan-activity;sid:84157494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294395)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"161.97.175.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294395/; classtype:trojan-activity;sid:84157495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294396)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"161.97.175.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294396/; classtype:trojan-activity;sid:84157496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.129.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294397/; classtype:trojan-activity;sid:84157497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.60.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294385/; classtype:trojan-activity;sid:84157485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.77.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294384/; classtype:trojan-activity;sid:84157484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.233.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294383/; classtype:trojan-activity;sid:84157483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"152.252.61.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294382/; classtype:trojan-activity;sid:84157482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.151.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294381/; classtype:trojan-activity;sid:84157481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.152.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294380/; classtype:trojan-activity;sid:84157480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.170.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294379/; classtype:trojan-activity;sid:84157479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.100.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294378/; classtype:trojan-activity;sid:84157478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.127.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294377/; classtype:trojan-activity;sid:84157477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.253.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294376/; classtype:trojan-activity;sid:84157476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.67.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294375/; classtype:trojan-activity;sid:84157475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.112.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294374/; classtype:trojan-activity;sid:84157474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.60.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294373/; classtype:trojan-activity;sid:84157473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.243.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294372/; classtype:trojan-activity;sid:84157472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.252.61.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294371/; classtype:trojan-activity;sid:84157471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.77.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294370/; classtype:trojan-activity;sid:84157470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.161.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294355/; classtype:trojan-activity;sid:84157455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.41.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294354/; classtype:trojan-activity;sid:84157454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.151.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294353/; classtype:trojan-activity;sid:84157453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.179.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294352/; classtype:trojan-activity;sid:84157452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.233.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294351/; classtype:trojan-activity;sid:84157451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294350/; classtype:trojan-activity;sid:84157450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.241.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294349/; classtype:trojan-activity;sid:84157449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.152.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294348/; classtype:trojan-activity;sid:84157448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.255.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294347/; classtype:trojan-activity;sid:84157447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.30.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294346/; classtype:trojan-activity;sid:84157446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294345/; classtype:trojan-activity;sid:84157445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.62.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294344/; classtype:trojan-activity;sid:84157444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.35.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294343/; classtype:trojan-activity;sid:84157443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294342/; classtype:trojan-activity;sid:84157442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.214.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294341/; classtype:trojan-activity;sid:84157441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.178.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294340/; classtype:trojan-activity;sid:84157440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.179.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294339/; classtype:trojan-activity;sid:84157439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.174.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294338/; classtype:trojan-activity;sid:84157438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294337/; classtype:trojan-activity;sid:84157437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294336)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bot.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294336/; classtype:trojan-activity;sid:84157436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294323)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bot.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294323/; classtype:trojan-activity;sid:84157423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294324)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bot.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294324/; classtype:trojan-activity;sid:84157424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294325)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bot.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294325/; classtype:trojan-activity;sid:84157425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294326)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bot.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294326/; classtype:trojan-activity;sid:84157426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294327)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bot.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294327/; classtype:trojan-activity;sid:84157427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294328)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bot.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294328/; classtype:trojan-activity;sid:84157428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294329)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bot.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294329/; classtype:trojan-activity;sid:84157429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294330)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bot.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294330/; classtype:trojan-activity;sid:84157430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294331)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bot.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294331/; classtype:trojan-activity;sid:84157431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294332)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.ppc440"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"bot.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294332/; classtype:trojan-activity;sid:84157432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294333)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bot.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294333/; classtype:trojan-activity;sid:84157433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294334)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bot.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294334/; classtype:trojan-activity;sid:84157434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294335)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bot.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294335/; classtype:trojan-activity;sid:84157435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294322)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"502.hanzstore.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294322/; classtype:trojan-activity;sid:84157422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294308)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"502.hanzstore.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294308/; classtype:trojan-activity;sid:84157408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294309)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"502.hanzstore.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294309/; classtype:trojan-activity;sid:84157409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294310)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"502.hanzstore.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294310/; classtype:trojan-activity;sid:84157410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294311)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"502.hanzstore.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294311/; classtype:trojan-activity;sid:84157411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294312)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"502.hanzstore.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294312/; classtype:trojan-activity;sid:84157412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294313)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"502.hanzstore.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294313/; classtype:trojan-activity;sid:84157413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294314)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.ppc440"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"502.hanzstore.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294314/; classtype:trojan-activity;sid:84157414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294315)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"502.hanzstore.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294315/; classtype:trojan-activity;sid:84157415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294316)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"502.hanzstore.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294316/; classtype:trojan-activity;sid:84157416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294317)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"502.hanzstore.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294317/; classtype:trojan-activity;sid:84157417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294318)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"502.hanzstore.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294318/; classtype:trojan-activity;sid:84157418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294319)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"502.hanzstore.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294319/; classtype:trojan-activity;sid:84157419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294320)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"502.hanzstore.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294320/; classtype:trojan-activity;sid:84157420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294321)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"502.hanzstore.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294321/; classtype:trojan-activity;sid:84157421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.129.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294307/; classtype:trojan-activity;sid:84157407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294306/; classtype:trojan-activity;sid:84157406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294305)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bot.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294305/; classtype:trojan-activity;sid:84157405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.67.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294304/; classtype:trojan-activity;sid:84157404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294303)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gay.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294303/; classtype:trojan-activity;sid:84157403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.161.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294302/; classtype:trojan-activity;sid:84157402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294301)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gay.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294301/; classtype:trojan-activity;sid:84157401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294298)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.ppc440"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"gay.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294298/; classtype:trojan-activity;sid:84157398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294299)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gay.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294299/; classtype:trojan-activity;sid:84157399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294300)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gay.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294300/; classtype:trojan-activity;sid:84157400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294287)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gay.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294287/; classtype:trojan-activity;sid:84157387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294288)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gay.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294288/; classtype:trojan-activity;sid:84157388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294289)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"toibinghiensegay.minehard.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294289/; classtype:trojan-activity;sid:84157389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294290)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gay.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294290/; classtype:trojan-activity;sid:84157390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294291)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gay.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294291/; classtype:trojan-activity;sid:84157391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294292)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gay.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294292/; classtype:trojan-activity;sid:84157392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294293)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gay.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294293/; classtype:trojan-activity;sid:84157393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294294)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gay.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294294/; classtype:trojan-activity;sid:84157394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294295)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gay.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294295/; classtype:trojan-activity;sid:84157395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294296)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gay.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294296/; classtype:trojan-activity;sid:84157396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294297)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gay.minehard.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294297/; classtype:trojan-activity;sid:84157397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294281)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"toibinghiensegay.minehard.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294281/; classtype:trojan-activity;sid:84157381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294282)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"toibinghiensegay.minehard.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294282/; classtype:trojan-activity;sid:84157382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294283)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"toibinghiensegay.minehard.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294283/; classtype:trojan-activity;sid:84157383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294284)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"toibinghiensegay.minehard.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294284/; classtype:trojan-activity;sid:84157384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294285)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"toibinghiensegay.minehard.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294285/; classtype:trojan-activity;sid:84157385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294286)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"toibinghiensegay.minehard.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294286/; classtype:trojan-activity;sid:84157386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294270)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.ppc440"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"139.59.242.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294270/; classtype:trojan-activity;sid:84157370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294271)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.242.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294271/; classtype:trojan-activity;sid:84157371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294272)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.242.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294272/; classtype:trojan-activity;sid:84157372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294273)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"toibinghiensegay.minehard.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294273/; classtype:trojan-activity;sid:84157373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294274)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"toibinghiensegay.minehard.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294274/; classtype:trojan-activity;sid:84157374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294275)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"toibinghiensegay.minehard.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294275/; classtype:trojan-activity;sid:84157375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294276)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"toibinghiensegay.minehard.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294276/; classtype:trojan-activity;sid:84157376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294277)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"toibinghiensegay.minehard.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294277/; classtype:trojan-activity;sid:84157377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294278)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"toibinghiensegay.minehard.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294278/; classtype:trojan-activity;sid:84157378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294279)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"toibinghiensegay.minehard.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294279/; classtype:trojan-activity;sid:84157379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294280)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.ppc440"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"toibinghiensegay.minehard.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294280/; classtype:trojan-activity;sid:84157380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294266)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"139.59.242.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294266/; classtype:trojan-activity;sid:84157366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.239.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294267/; classtype:trojan-activity;sid:84157367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294268)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.242.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294268/; classtype:trojan-activity;sid:84157368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.224.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294269/; classtype:trojan-activity;sid:84157369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294264)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.242.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294264/; classtype:trojan-activity;sid:84157364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294265)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.242.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294265/; classtype:trojan-activity;sid:84157365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294256)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.59.242.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294256/; classtype:trojan-activity;sid:84157356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294257)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.59.242.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294257/; classtype:trojan-activity;sid:84157357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294258)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.59.242.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294258/; classtype:trojan-activity;sid:84157358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294259)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.242.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294259/; classtype:trojan-activity;sid:84157359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294260)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.242.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294260/; classtype:trojan-activity;sid:84157360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294261)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.59.242.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294261/; classtype:trojan-activity;sid:84157361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294262)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.242.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294262/; classtype:trojan-activity;sid:84157362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294263)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yagi.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.59.242.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294263/; classtype:trojan-activity;sid:84157363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.214.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294255/; classtype:trojan-activity;sid:84157355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.112.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294254/; classtype:trojan-activity;sid:84157354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.35.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294253/; classtype:trojan-activity;sid:84157353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294250)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/kkfmcjf.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294250/; classtype:trojan-activity;sid:84157350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294251)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/bpokoes.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294251/; classtype:trojan-activity;sid:84157351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294252)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/fgmjkjb.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294252/; classtype:trojan-activity;sid:84157352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.252.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294249/; classtype:trojan-activity;sid:84157349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.16.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294248/; classtype:trojan-activity;sid:84157348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.241.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294247/; classtype:trojan-activity;sid:84157347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.61.230.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294246/; classtype:trojan-activity;sid:84157346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.60.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294245/; classtype:trojan-activity;sid:84157345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.57.77.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294244/; classtype:trojan-activity;sid:84157344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294243/; classtype:trojan-activity;sid:84157343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.70.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294242/; classtype:trojan-activity;sid:84157342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.100.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294241/; classtype:trojan-activity;sid:84157341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.233.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294240/; classtype:trojan-activity;sid:84157340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.214.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294239/; classtype:trojan-activity;sid:84157339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294238/; classtype:trojan-activity;sid:84157338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.214.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294237/; classtype:trojan-activity;sid:84157337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.16.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294236/; classtype:trojan-activity;sid:84157336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294235/; classtype:trojan-activity;sid:84157335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.211.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294234/; classtype:trojan-activity;sid:84157334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.3.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294233/; classtype:trojan-activity;sid:84157333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.60.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294232/; classtype:trojan-activity;sid:84157332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.77.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294231/; classtype:trojan-activity;sid:84157331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.252.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294230/; classtype:trojan-activity;sid:84157330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.147.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294229/; classtype:trojan-activity;sid:84157329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.58.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294228/; classtype:trojan-activity;sid:84157328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294227/; classtype:trojan-activity;sid:84157327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294226)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.250.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294226/; classtype:trojan-activity;sid:84157326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.158.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294224/; classtype:trojan-activity;sid:84157324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.52.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294225/; classtype:trojan-activity;sid:84157325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.24.71"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294223/; classtype:trojan-activity;sid:84157323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.124.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294222/; classtype:trojan-activity;sid:84157322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.109.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294221/; classtype:trojan-activity;sid:84157321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.250.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294220/; classtype:trojan-activity;sid:84157320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.8.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294219/; classtype:trojan-activity;sid:84157319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.22.12"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294218/; classtype:trojan-activity;sid:84157318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.104.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294217/; classtype:trojan-activity;sid:84157317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.68.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294216/; classtype:trojan-activity;sid:84157316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.158.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294215/; classtype:trojan-activity;sid:84157315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.205.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294214/; classtype:trojan-activity;sid:84157314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.164.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294213/; classtype:trojan-activity;sid:84157313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.124.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294212/; classtype:trojan-activity;sid:84157312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.8.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294211/; classtype:trojan-activity;sid:84157311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.82.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294210/; classtype:trojan-activity;sid:84157310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.2.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294209/; classtype:trojan-activity;sid:84157309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.78.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294208/; classtype:trojan-activity;sid:84157308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.5.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294207/; classtype:trojan-activity;sid:84157307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.45.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294206/; classtype:trojan-activity;sid:84157306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294205/; classtype:trojan-activity;sid:84157305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.43.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294204/; classtype:trojan-activity;sid:84157304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.41.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294203/; classtype:trojan-activity;sid:84157303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294202)"; flow:established,from_client; content:"GET"; http_method; content:"/pineapple.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"blacksmatter.live"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294202/; classtype:trojan-activity;sid:84157302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.210.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294200/; classtype:trojan-activity;sid:84157300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.220.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294201/; classtype:trojan-activity;sid:84157301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.107.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294198/; classtype:trojan-activity;sid:84157298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.20.3.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294199/; classtype:trojan-activity;sid:84157299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.24.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294197/; classtype:trojan-activity;sid:84157297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.5.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294196/; classtype:trojan-activity;sid:84157296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.8.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294194/; classtype:trojan-activity;sid:84157294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.82.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294195/; classtype:trojan-activity;sid:84157295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.39.129.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294193/; classtype:trojan-activity;sid:84157293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.45.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294192/; classtype:trojan-activity;sid:84157292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294190/; classtype:trojan-activity;sid:84157290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.105.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294191/; classtype:trojan-activity;sid:84157291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.71.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294189/; classtype:trojan-activity;sid:84157289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.30.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294188/; classtype:trojan-activity;sid:84157288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.193.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294187/; classtype:trojan-activity;sid:84157287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.230.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294186/; classtype:trojan-activity;sid:84157286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294185)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.51.101.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294185/; classtype:trojan-activity;sid:84157285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.109.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294184/; classtype:trojan-activity;sid:84157284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.128.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294183/; classtype:trojan-activity;sid:84157283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.175.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294182/; classtype:trojan-activity;sid:84157282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.41.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294181/; classtype:trojan-activity;sid:84157281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.67.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294180/; classtype:trojan-activity;sid:84157280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.128.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294179/; classtype:trojan-activity;sid:84157279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.107.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294178/; classtype:trojan-activity;sid:84157278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.118.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294177/; classtype:trojan-activity;sid:84157277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.9.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294176/; classtype:trojan-activity;sid:84157276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.39.129.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294175/; classtype:trojan-activity;sid:84157275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.71.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294174/; classtype:trojan-activity;sid:84157274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.45.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294173/; classtype:trojan-activity;sid:84157273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.56.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294172/; classtype:trojan-activity;sid:84157272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.42.74.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294171/; classtype:trojan-activity;sid:84157271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.105.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294170/; classtype:trojan-activity;sid:84157270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.56.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294169/; classtype:trojan-activity;sid:84157269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.44.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294168/; classtype:trojan-activity;sid:84157268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.168.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294167/; classtype:trojan-activity;sid:84157267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.49.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294166/; classtype:trojan-activity;sid:84157266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.71.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294165/; classtype:trojan-activity;sid:84157265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.185.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294164/; classtype:trojan-activity;sid:84157264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.216.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294163/; classtype:trojan-activity;sid:84157263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.96.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294162/; classtype:trojan-activity;sid:84157262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.96.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294161/; classtype:trojan-activity;sid:84157261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.112.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294160/; classtype:trojan-activity;sid:84157260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.85.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294156/; classtype:trojan-activity;sid:84157256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.181.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294157/; classtype:trojan-activity;sid:84157257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.97.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294158/; classtype:trojan-activity;sid:84157258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294159/; classtype:trojan-activity;sid:84157259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.141.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294155/; classtype:trojan-activity;sid:84157255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.44.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294154/; classtype:trojan-activity;sid:84157254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.71.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294153/; classtype:trojan-activity;sid:84157253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.49.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294152/; classtype:trojan-activity;sid:84157252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.216.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294151/; classtype:trojan-activity;sid:84157251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.251.217.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294150/; classtype:trojan-activity;sid:84157250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294149/; classtype:trojan-activity;sid:84157249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.9.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294148/; classtype:trojan-activity;sid:84157248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.244.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294147/; classtype:trojan-activity;sid:84157247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.185.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294146/; classtype:trojan-activity;sid:84157246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.133.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294145/; classtype:trojan-activity;sid:84157245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.0.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294144/; classtype:trojan-activity;sid:84157244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.93.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294143/; classtype:trojan-activity;sid:84157243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294142/; classtype:trojan-activity;sid:84157242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.58.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294141/; classtype:trojan-activity;sid:84157241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.3.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294139/; classtype:trojan-activity;sid:84157239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.154.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294140/; classtype:trojan-activity;sid:84157240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.108.177.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294138/; classtype:trojan-activity;sid:84157238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.52.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294137/; classtype:trojan-activity;sid:84157237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.131.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294136/; classtype:trojan-activity;sid:84157236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.244.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294135/; classtype:trojan-activity;sid:84157235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.244.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294134/; classtype:trojan-activity;sid:84157234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.76.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294133/; classtype:trojan-activity;sid:84157233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.26.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294132/; classtype:trojan-activity;sid:84157232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.96.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294131/; classtype:trojan-activity;sid:84157231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.209.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294130/; classtype:trojan-activity;sid:84157230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.111.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294129/; classtype:trojan-activity;sid:84157229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.110.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294128/; classtype:trojan-activity;sid:84157228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.35.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294127/; classtype:trojan-activity;sid:84157227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.110.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294126/; classtype:trojan-activity;sid:84157226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.207.39.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294125/; classtype:trojan-activity;sid:84157225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.52.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294124/; classtype:trojan-activity;sid:84157224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.94.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294123/; classtype:trojan-activity;sid:84157223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.249.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294122/; classtype:trojan-activity;sid:84157222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.113.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294121/; classtype:trojan-activity;sid:84157221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.19.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294120/; classtype:trojan-activity;sid:84157220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.254.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294119/; classtype:trojan-activity;sid:84157219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.114.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294118/; classtype:trojan-activity;sid:84157218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.36.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294117/; classtype:trojan-activity;sid:84157217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.207.39.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294116/; classtype:trojan-activity;sid:84157216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.218.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294115/; classtype:trojan-activity;sid:84157215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.240.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294113/; classtype:trojan-activity;sid:84157213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.247.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294114/; classtype:trojan-activity;sid:84157214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.218.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294111/; classtype:trojan-activity;sid:84157211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.65.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294112/; classtype:trojan-activity;sid:84157212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.17.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294109/; classtype:trojan-activity;sid:84157209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294110/; classtype:trojan-activity;sid:84157210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.177.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294108/; classtype:trojan-activity;sid:84157208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.178.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294106/; classtype:trojan-activity;sid:84157206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.176.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294107/; classtype:trojan-activity;sid:84157207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.107.25.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294105/; classtype:trojan-activity;sid:84157205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.143.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294104/; classtype:trojan-activity;sid:84157204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.120.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294103/; classtype:trojan-activity;sid:84157203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.218.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294102/; classtype:trojan-activity;sid:84157202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.146.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294101/; classtype:trojan-activity;sid:84157201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.19.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294100/; classtype:trojan-activity;sid:84157200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.148.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294099/; classtype:trojan-activity;sid:84157199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.64.130.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294098/; classtype:trojan-activity;sid:84157198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.62.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294097/; classtype:trojan-activity;sid:84157197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.148.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294096/; classtype:trojan-activity;sid:84157196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.94.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294095/; classtype:trojan-activity;sid:84157195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.177.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294094/; classtype:trojan-activity;sid:84157194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.170.218.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294093/; classtype:trojan-activity;sid:84157193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.176.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294092/; classtype:trojan-activity;sid:84157192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294091/; classtype:trojan-activity;sid:84157191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.152.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294090/; classtype:trojan-activity;sid:84157190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.66.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294089/; classtype:trojan-activity;sid:84157189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.33.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294088/; classtype:trojan-activity;sid:84157188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.208.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294087/; classtype:trojan-activity;sid:84157187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.120.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294086/; classtype:trojan-activity;sid:84157186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.142.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294085/; classtype:trojan-activity;sid:84157185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.101.37.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294084/; classtype:trojan-activity;sid:84157184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.139.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294082/; classtype:trojan-activity;sid:84157182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294083/; classtype:trojan-activity;sid:84157183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.178.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294081/; classtype:trojan-activity;sid:84157181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.64.130.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294080/; classtype:trojan-activity;sid:84157180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.66.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294079/; classtype:trojan-activity;sid:84157179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.246.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294078/; classtype:trojan-activity;sid:84157178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.112.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294077/; classtype:trojan-activity;sid:84157177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294076/; classtype:trojan-activity;sid:84157176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294075/; classtype:trojan-activity;sid:84157175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.95.62.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294073/; classtype:trojan-activity;sid:84157173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.168.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294074/; classtype:trojan-activity;sid:84157174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.208.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294072/; classtype:trojan-activity;sid:84157172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.90.244.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294071/; classtype:trojan-activity;sid:84157171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.160.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294070/; classtype:trojan-activity;sid:84157170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.57.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294069/; classtype:trojan-activity;sid:84157169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.223.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294068/; classtype:trojan-activity;sid:84157168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.244.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294067/; classtype:trojan-activity;sid:84157167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.122.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294066/; classtype:trojan-activity;sid:84157166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.246.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294065/; classtype:trojan-activity;sid:84157165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.65.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294064/; classtype:trojan-activity;sid:84157164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.157.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294063/; classtype:trojan-activity;sid:84157163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.182.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294062/; classtype:trojan-activity;sid:84157162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.184.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294061/; classtype:trojan-activity;sid:84157161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.229.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294060/; classtype:trojan-activity;sid:84157160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.160.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294059/; classtype:trojan-activity;sid:84157159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.247.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294058/; classtype:trojan-activity;sid:84157158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.184.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294057/; classtype:trojan-activity;sid:84157157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.199.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294055/; classtype:trojan-activity;sid:84157155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.213.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294056/; classtype:trojan-activity;sid:84157156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.131.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294054/; classtype:trojan-activity;sid:84157154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.23.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294053/; classtype:trojan-activity;sid:84157153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.157.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294052/; classtype:trojan-activity;sid:84157152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.246.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294051/; classtype:trojan-activity;sid:84157151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.229.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294050/; classtype:trojan-activity;sid:84157150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.157.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294049/; classtype:trojan-activity;sid:84157149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.228.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294048/; classtype:trojan-activity;sid:84157148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.228.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294047/; classtype:trojan-activity;sid:84157147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294046/; classtype:trojan-activity;sid:84157146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.243.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294044/; classtype:trojan-activity;sid:84157144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.165.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294045/; classtype:trojan-activity;sid:84157145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.171.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294043/; classtype:trojan-activity;sid:84157143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.202.246.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294041/; classtype:trojan-activity;sid:84157141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.99.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294042/; classtype:trojan-activity;sid:84157142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.137.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294040/; classtype:trojan-activity;sid:84157140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.83.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294039/; classtype:trojan-activity;sid:84157139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.208.26.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294037/; classtype:trojan-activity;sid:84157137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294038)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.37.183.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294038/; classtype:trojan-activity;sid:84157138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.0.201"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294035/; classtype:trojan-activity;sid:84157135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.199.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294036/; classtype:trojan-activity;sid:84157136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294034)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ygtvv.events.socalpocis.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294034/; classtype:trojan-activity;sid:84157134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.8.213"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294033/; classtype:trojan-activity;sid:84157133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.99.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294032/; classtype:trojan-activity;sid:84157132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.83.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294031/; classtype:trojan-activity;sid:84157131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.202.246.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294030/; classtype:trojan-activity;sid:84157130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294029/; classtype:trojan-activity;sid:84157129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.137.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294028/; classtype:trojan-activity;sid:84157128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.234.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294027/; classtype:trojan-activity;sid:84157127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.59.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294026/; classtype:trojan-activity;sid:84157126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.94.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294024/; classtype:trojan-activity;sid:84157124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.50.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294025/; classtype:trojan-activity;sid:84157125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294023/; classtype:trojan-activity;sid:84157123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.7.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294022/; classtype:trojan-activity;sid:84157122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.8.213"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294021/; classtype:trojan-activity;sid:84157121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.226.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294020/; classtype:trojan-activity;sid:84157120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.107.239.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294019/; classtype:trojan-activity;sid:84157119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.70.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294018/; classtype:trojan-activity;sid:84157118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.77.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294017/; classtype:trojan-activity;sid:84157117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.151.253.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294016/; classtype:trojan-activity;sid:84157116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.248.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294015/; classtype:trojan-activity;sid:84157115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.50.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294014/; classtype:trojan-activity;sid:84157114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.70.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294013/; classtype:trojan-activity;sid:84157113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.99.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294012/; classtype:trojan-activity;sid:84157112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.220.162.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294011/; classtype:trojan-activity;sid:84157111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.181.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294010/; classtype:trojan-activity;sid:84157110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.107.239.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294009/; classtype:trojan-activity;sid:84157109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294008/; classtype:trojan-activity;sid:84157108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.77.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294006/; classtype:trojan-activity;sid:84157106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.59.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294007/; classtype:trojan-activity;sid:84157107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.186.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294005/; classtype:trojan-activity;sid:84157105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.57.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294004/; classtype:trojan-activity;sid:84157104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294003/; classtype:trojan-activity;sid:84157103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.197.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294001/; classtype:trojan-activity;sid:84157101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.7.204.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294002/; classtype:trojan-activity;sid:84157102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.248.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294000/; classtype:trojan-activity;sid:84157100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.139.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293999/; classtype:trojan-activity;sid:84157099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293998/; classtype:trojan-activity;sid:84157098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.51.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293997/; classtype:trojan-activity;sid:84157097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.20.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293996/; classtype:trojan-activity;sid:84157096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.8.46.114"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293995/; classtype:trojan-activity;sid:84157095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.89.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293991/; classtype:trojan-activity;sid:84157091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.93.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293992/; classtype:trojan-activity;sid:84157092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.226.36.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293993/; classtype:trojan-activity;sid:84157093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.237.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293994/; classtype:trojan-activity;sid:84157094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.1.146"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293990/; classtype:trojan-activity;sid:84157090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.17.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293989/; classtype:trojan-activity;sid:84157089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.95.62.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293988/; classtype:trojan-activity;sid:84157088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.69.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293987/; classtype:trojan-activity;sid:84157087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.139.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293986/; classtype:trojan-activity;sid:84157086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.1.146"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293985/; classtype:trojan-activity;sid:84157085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.186.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293984/; classtype:trojan-activity;sid:84157084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.108.177.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293983/; classtype:trojan-activity;sid:84157083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.69.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293982/; classtype:trojan-activity;sid:84157082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.57.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293980/; classtype:trojan-activity;sid:84157080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.18.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293981/; classtype:trojan-activity;sid:84157081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.133.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293978/; classtype:trojan-activity;sid:84157078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.174.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293979/; classtype:trojan-activity;sid:84157079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.149.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293977/; classtype:trojan-activity;sid:84157077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.207.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293976/; classtype:trojan-activity;sid:84157076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.7.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293975/; classtype:trojan-activity;sid:84157075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.244.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293974/; classtype:trojan-activity;sid:84157074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.14.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293973/; classtype:trojan-activity;sid:84157073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.166.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293972/; classtype:trojan-activity;sid:84157072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.236.160.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293970/; classtype:trojan-activity;sid:84157070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293971/; classtype:trojan-activity;sid:84157071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.95.62.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293969/; classtype:trojan-activity;sid:84157069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293968)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.183.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293968/; classtype:trojan-activity;sid:84157068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.145.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293967/; classtype:trojan-activity;sid:84157067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.207.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293966/; classtype:trojan-activity;sid:84157066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.72.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293965/; classtype:trojan-activity;sid:84157065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293964/; classtype:trojan-activity;sid:84157064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.57.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293963/; classtype:trojan-activity;sid:84157063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.80.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293962/; classtype:trojan-activity;sid:84157062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293960/; classtype:trojan-activity;sid:84157060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.21.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293961/; classtype:trojan-activity;sid:84157061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.133.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293959/; classtype:trojan-activity;sid:84157059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.52.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293958/; classtype:trojan-activity;sid:84157058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.25.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293957/; classtype:trojan-activity;sid:84157057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.188.251.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293956/; classtype:trojan-activity;sid:84157056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.108.157.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293955/; classtype:trojan-activity;sid:84157055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.87.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293954/; classtype:trojan-activity;sid:84157054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.42.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293953/; classtype:trojan-activity;sid:84157053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.72.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293952/; classtype:trojan-activity;sid:84157052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.92.199.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293951/; classtype:trojan-activity;sid:84157051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.62.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293950/; classtype:trojan-activity;sid:84157050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.100.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293949/; classtype:trojan-activity;sid:84157049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.157.144.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293948/; classtype:trojan-activity;sid:84157048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.226.88.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293947/; classtype:trojan-activity;sid:84157047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.240.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293946/; classtype:trojan-activity;sid:84157046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293944)"; flow:established,from_client; content:"GET"; http_method; content:"/viewprofile"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"b6a1e.language.sebtomato.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293944/; classtype:trojan-activity;sid:84157044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293945)"; flow:established,from_client; content:"GET"; http_method; content:"/viewprofile"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"26f0b.language.sebtomato.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293945/; classtype:trojan-activity;sid:84157045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.223.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293943/; classtype:trojan-activity;sid:84157043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.174.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293942/; classtype:trojan-activity;sid:84157042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293941)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.82.78.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293941/; classtype:trojan-activity;sid:84157041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293940/; classtype:trojan-activity;sid:84157040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.77.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293939/; classtype:trojan-activity;sid:84157039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.212.67.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293938/; classtype:trojan-activity;sid:84157038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.198.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293937/; classtype:trojan-activity;sid:84157037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.92.199.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293936/; classtype:trojan-activity;sid:84157036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.226.88.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293935/; classtype:trojan-activity;sid:84157035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.229.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293934/; classtype:trojan-activity;sid:84157034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.211.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293933/; classtype:trojan-activity;sid:84157033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.183.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293932/; classtype:trojan-activity;sid:84157032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.125.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293929/; classtype:trojan-activity;sid:84157029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.99.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293930/; classtype:trojan-activity;sid:84157030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.60.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293931/; classtype:trojan-activity;sid:84157031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.20.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293927/; classtype:trojan-activity;sid:84157027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.77.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293928/; classtype:trojan-activity;sid:84157028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.67.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293925/; classtype:trojan-activity;sid:84157025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.142.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293926/; classtype:trojan-activity;sid:84157026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293924/; classtype:trojan-activity;sid:84157024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.54.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293923/; classtype:trojan-activity;sid:84157023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.77.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293922/; classtype:trojan-activity;sid:84157022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293921/; classtype:trojan-activity;sid:84157021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.22.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293920/; classtype:trojan-activity;sid:84157020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293918/; classtype:trojan-activity;sid:84157018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.166.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293919/; classtype:trojan-activity;sid:84157019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.119.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293917/; classtype:trojan-activity;sid:84157017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.54.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293916/; classtype:trojan-activity;sid:84157016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.125.17.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293915/; classtype:trojan-activity;sid:84157015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293914/; classtype:trojan-activity;sid:84157014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.110.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293913/; classtype:trojan-activity;sid:84157013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.236.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293912/; classtype:trojan-activity;sid:84157012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293911/; classtype:trojan-activity;sid:84157011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293910/; classtype:trojan-activity;sid:84157010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293909/; classtype:trojan-activity;sid:84157009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.255.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293908/; classtype:trojan-activity;sid:84157008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.27.13.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293907/; classtype:trojan-activity;sid:84157007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.55.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293906/; classtype:trojan-activity;sid:84157006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.52.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293905/; classtype:trojan-activity;sid:84157005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.93.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293904/; classtype:trojan-activity;sid:84157004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.239.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293902/; classtype:trojan-activity;sid:84157002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.50.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293903/; classtype:trojan-activity;sid:84157003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.59.247.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293901/; classtype:trojan-activity;sid:84157001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.114.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293900/; classtype:trojan-activity;sid:84157000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.48.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293899/; classtype:trojan-activity;sid:84156999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.86.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293898/; classtype:trojan-activity;sid:84156998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.252.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293897/; classtype:trojan-activity;sid:84156997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.96.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293896/; classtype:trojan-activity;sid:84156996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.102.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293895/; classtype:trojan-activity;sid:84156995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293894)"; flow:established,from_client; content:"GET"; http_method; content:"/slf.msi"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gersgaming.s3.us-east-2.amazonaws.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293894/; classtype:trojan-activity;sid:84156994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.34.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293893/; classtype:trojan-activity;sid:84156993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.255.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293892/; classtype:trojan-activity;sid:84156992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.49.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293891/; classtype:trojan-activity;sid:84156991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.155.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293890/; classtype:trojan-activity;sid:84156990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.130.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293889/; classtype:trojan-activity;sid:84156989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.48.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293888/; classtype:trojan-activity;sid:84156988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.254.205.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293887/; classtype:trojan-activity;sid:84156987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.229.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293886/; classtype:trojan-activity;sid:84156986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.243.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293885/; classtype:trojan-activity;sid:84156985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.12.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293884/; classtype:trojan-activity;sid:84156984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.178.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293882/; classtype:trojan-activity;sid:84156982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.97.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293883/; classtype:trojan-activity;sid:84156983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.86.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293881/; classtype:trojan-activity;sid:84156981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.34.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293880/; classtype:trojan-activity;sid:84156980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.250.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293879/; classtype:trojan-activity;sid:84156979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.100.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293877/; classtype:trojan-activity;sid:84156977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.206.159.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293878/; classtype:trojan-activity;sid:84156978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.145.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293876/; classtype:trojan-activity;sid:84156976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293875)"; flow:established,from_client; content:"GET"; http_method; content:"/files/supportclientsetup.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293875/; classtype:trojan-activity;sid:84156975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.93.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293874/; classtype:trojan-activity;sid:84156974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.254.205.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293873/; classtype:trojan-activity;sid:84156973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.155.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293872/; classtype:trojan-activity;sid:84156972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.49.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293871/; classtype:trojan-activity;sid:84156971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.15.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293870/; classtype:trojan-activity;sid:84156970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.42.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293869/; classtype:trojan-activity;sid:84156969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.240.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293868/; classtype:trojan-activity;sid:84156968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.81.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293866/; classtype:trojan-activity;sid:84156966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.186.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293867/; classtype:trojan-activity;sid:84156967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.125.119.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293865/; classtype:trojan-activity;sid:84156965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.228.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293864/; classtype:trojan-activity;sid:84156964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.55.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293863/; classtype:trojan-activity;sid:84156963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.195.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293862/; classtype:trojan-activity;sid:84156962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.244.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293861/; classtype:trojan-activity;sid:84156961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.158.50.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293860/; classtype:trojan-activity;sid:84156960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293859/; classtype:trojan-activity;sid:84156959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.232.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293858/; classtype:trojan-activity;sid:84156958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.178.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293857/; classtype:trojan-activity;sid:84156957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.234.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293856/; classtype:trojan-activity;sid:84156956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.198.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293855/; classtype:trojan-activity;sid:84156955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.182.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293854/; classtype:trojan-activity;sid:84156954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.17.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293852/; classtype:trojan-activity;sid:84156952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.128.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293853/; classtype:trojan-activity;sid:84156953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.186.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293851/; classtype:trojan-activity;sid:84156951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293850/; classtype:trojan-activity;sid:84156950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.59.198"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293849/; classtype:trojan-activity;sid:84156949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.81.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293848/; classtype:trojan-activity;sid:84156948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.228.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293847/; classtype:trojan-activity;sid:84156947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.142.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293844/; classtype:trojan-activity;sid:84156944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.111.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293845/; classtype:trojan-activity;sid:84156945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.82.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293846/; classtype:trojan-activity;sid:84156946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.193.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293842/; classtype:trojan-activity;sid:84156942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.128.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293843/; classtype:trojan-activity;sid:84156943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.86.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293841/; classtype:trojan-activity;sid:84156941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.178.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293840/; classtype:trojan-activity;sid:84156940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293839)"; flow:established,from_client; content:"GET"; http_method; content:"/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293839/; classtype:trojan-activity;sid:84156939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.195.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293838/; classtype:trojan-activity;sid:84156938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293837)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293837/; classtype:trojan-activity;sid:84156937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293835)"; flow:established,from_client; content:"GET"; http_method; content:"/h"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293835/; classtype:trojan-activity;sid:84156935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.17.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293836/; classtype:trojan-activity;sid:84156936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293832)"; flow:established,from_client; content:"GET"; http_method; content:"/necr0.py"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293832/; classtype:trojan-activity;sid:84156932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293833)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293833/; classtype:trojan-activity;sid:84156933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293834)"; flow:established,from_client; content:"GET"; http_method; content:"/c1.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293834/; classtype:trojan-activity;sid:84156934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.146.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293831/; classtype:trojan-activity;sid:84156931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293830)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293830/; classtype:trojan-activity;sid:84156930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293826)"; flow:established,from_client; content:"GET"; http_method; content:"/c1"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293826/; classtype:trojan-activity;sid:84156926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293827)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293827/; classtype:trojan-activity;sid:84156927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293828)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293828/; classtype:trojan-activity;sid:84156928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293829)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293829/; classtype:trojan-activity;sid:84156929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293822)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293822/; classtype:trojan-activity;sid:84156922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293823)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293823/; classtype:trojan-activity;sid:84156923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293824)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293824/; classtype:trojan-activity;sid:84156924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293825)"; flow:established,from_client; content:"GET"; http_method; content:"/splash.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293825/; classtype:trojan-activity;sid:84156925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293812)"; flow:established,from_client; content:"GET"; http_method; content:"/z"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293812/; classtype:trojan-activity;sid:84156912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293813)"; flow:established,from_client; content:"GET"; http_method; content:"/e"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293813/; classtype:trojan-activity;sid:84156913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293814)"; flow:established,from_client; content:"GET"; http_method; content:"/get.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293814/; classtype:trojan-activity;sid:84156914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293815)"; flow:established,from_client; content:"GET"; http_method; content:"/76d32be0.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293815/; classtype:trojan-activity;sid:84156915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293816)"; flow:established,from_client; content:"GET"; http_method; content:"/u"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293816/; classtype:trojan-activity;sid:84156916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293817)"; flow:established,from_client; content:"GET"; http_method; content:"/v"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293817/; classtype:trojan-activity;sid:84156917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293818)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293818/; classtype:trojan-activity;sid:84156918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293819)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293819/; classtype:trojan-activity;sid:84156919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293820)"; flow:established,from_client; content:"GET"; http_method; content:"/yak.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293820/; classtype:trojan-activity;sid:84156920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293821)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293821/; classtype:trojan-activity;sid:84156921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293811)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.arm4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293811/; classtype:trojan-activity;sid:84156911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293807)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293807/; classtype:trojan-activity;sid:84156907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293808)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293808/; classtype:trojan-activity;sid:84156908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293809)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293809/; classtype:trojan-activity;sid:84156909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293810)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.sparc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293810/; classtype:trojan-activity;sid:84156910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293792)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293792/; classtype:trojan-activity;sid:84156892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293793)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293793/; classtype:trojan-activity;sid:84156893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293794)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293794/; classtype:trojan-activity;sid:84156894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293795)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293795/; classtype:trojan-activity;sid:84156895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293796)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293796/; classtype:trojan-activity;sid:84156896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293797)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.gponfiber"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293797/; classtype:trojan-activity;sid:84156897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293798)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293798/; classtype:trojan-activity;sid:84156898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293799)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293799/; classtype:trojan-activity;sid:84156899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293800)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293800/; classtype:trojan-activity;sid:84156900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293801)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293801/; classtype:trojan-activity;sid:84156901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293802)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293802/; classtype:trojan-activity;sid:84156902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293803)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293803/; classtype:trojan-activity;sid:84156903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293804)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293804/; classtype:trojan-activity;sid:84156904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293805)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293805/; classtype:trojan-activity;sid:84156905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293806)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.i586"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293806/; classtype:trojan-activity;sid:84156906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293777)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293777/; classtype:trojan-activity;sid:84156877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293778)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293778/; classtype:trojan-activity;sid:84156878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293779)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293779/; classtype:trojan-activity;sid:84156879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293780)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293780/; classtype:trojan-activity;sid:84156880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293781)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.mipsel"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293781/; classtype:trojan-activity;sid:84156881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293782)"; flow:established,from_client; content:"GET"; http_method; content:"/a/bot.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293782/; classtype:trojan-activity;sid:84156882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293783)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293783/; classtype:trojan-activity;sid:84156883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293784)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293784/; classtype:trojan-activity;sid:84156884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293785)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293785/; classtype:trojan-activity;sid:84156885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293786)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293786/; classtype:trojan-activity;sid:84156886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293787)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293787/; classtype:trojan-activity;sid:84156887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293788)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293788/; classtype:trojan-activity;sid:84156888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293789)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293789/; classtype:trojan-activity;sid:84156889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293790)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293790/; classtype:trojan-activity;sid:84156890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293791)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.vigor"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293791/; classtype:trojan-activity;sid:84156891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293772)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293772/; classtype:trojan-activity;sid:84156872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293773)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293773/; classtype:trojan-activity;sid:84156873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293774)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293774/; classtype:trojan-activity;sid:84156874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293775)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.i586"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293775/; classtype:trojan-activity;sid:84156875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293776)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293776/; classtype:trojan-activity;sid:84156876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293769)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293769/; classtype:trojan-activity;sid:84156869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293770)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293770/; classtype:trojan-activity;sid:84156870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293771)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293771/; classtype:trojan-activity;sid:84156871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293767)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293767/; classtype:trojan-activity;sid:84156867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293768)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293768/; classtype:trojan-activity;sid:84156868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293763)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.i586"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293763/; classtype:trojan-activity;sid:84156863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293764)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293764/; classtype:trojan-activity;sid:84156864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293765)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.mipsel"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293765/; classtype:trojan-activity;sid:84156865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293766)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293766/; classtype:trojan-activity;sid:84156866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293756)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293756/; classtype:trojan-activity;sid:84156856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293757)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293757/; classtype:trojan-activity;sid:84156857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293758)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293758/; classtype:trojan-activity;sid:84156858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293759)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293759/; classtype:trojan-activity;sid:84156859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293760)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293760/; classtype:trojan-activity;sid:84156860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293761)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i686"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293761/; classtype:trojan-activity;sid:84156861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293762)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.gponfiber"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293762/; classtype:trojan-activity;sid:84156862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293739)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293739/; classtype:trojan-activity;sid:84156839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293740)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.i586"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293740/; classtype:trojan-activity;sid:84156840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293741)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.i686"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293741/; classtype:trojan-activity;sid:84156841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293742)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293742/; classtype:trojan-activity;sid:84156842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293743)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293743/; classtype:trojan-activity;sid:84156843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293744)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293744/; classtype:trojan-activity;sid:84156844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293745)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.sparc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293745/; classtype:trojan-activity;sid:84156845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293746)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293746/; classtype:trojan-activity;sid:84156846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293747)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.sparc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293747/; classtype:trojan-activity;sid:84156847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293748)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293748/; classtype:trojan-activity;sid:84156848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293749)"; flow:established,from_client; content:"GET"; http_method; content:"/a/bot.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293749/; classtype:trojan-activity;sid:84156849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293750)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293750/; classtype:trojan-activity;sid:84156850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293751)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293751/; classtype:trojan-activity;sid:84156851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293752)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293752/; classtype:trojan-activity;sid:84156852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293753)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.mipsel"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293753/; classtype:trojan-activity;sid:84156853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293754)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293754/; classtype:trojan-activity;sid:84156854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293755)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293755/; classtype:trojan-activity;sid:84156855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293728)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293728/; classtype:trojan-activity;sid:84156828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293729)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293729/; classtype:trojan-activity;sid:84156829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293730)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.arm4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293730/; classtype:trojan-activity;sid:84156830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293731)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.vigor"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293731/; classtype:trojan-activity;sid:84156831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293732)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293732/; classtype:trojan-activity;sid:84156832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293733)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293733/; classtype:trojan-activity;sid:84156833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293734)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293734/; classtype:trojan-activity;sid:84156834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293735)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293735/; classtype:trojan-activity;sid:84156835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293736)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293736/; classtype:trojan-activity;sid:84156836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293737)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293737/; classtype:trojan-activity;sid:84156837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293738)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293738/; classtype:trojan-activity;sid:84156838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293725)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293725/; classtype:trojan-activity;sid:84156825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293726)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293726/; classtype:trojan-activity;sid:84156826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293724)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293724/; classtype:trojan-activity;sid:84156824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293721)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293721/; classtype:trojan-activity;sid:84156821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293722)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293722/; classtype:trojan-activity;sid:84156822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293723)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293723/; classtype:trojan-activity;sid:84156823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293712)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293712/; classtype:trojan-activity;sid:84156812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293713)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293713/; classtype:trojan-activity;sid:84156813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293714)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293714/; classtype:trojan-activity;sid:84156814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293715)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293715/; classtype:trojan-activity;sid:84156815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293716)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293716/; classtype:trojan-activity;sid:84156816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293717)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293717/; classtype:trojan-activity;sid:84156817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293718)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293718/; classtype:trojan-activity;sid:84156818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293719)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293719/; classtype:trojan-activity;sid:84156819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293720)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293720/; classtype:trojan-activity;sid:84156820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.62.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293704/; classtype:trojan-activity;sid:84156804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293705)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293705/; classtype:trojan-activity;sid:84156805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293706)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293706/; classtype:trojan-activity;sid:84156806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293707)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293707/; classtype:trojan-activity;sid:84156807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293708)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293708/; classtype:trojan-activity;sid:84156808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293709)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293709/; classtype:trojan-activity;sid:84156809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293710)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293710/; classtype:trojan-activity;sid:84156810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293711)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293711/; classtype:trojan-activity;sid:84156811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293702)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yak.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293702/; classtype:trojan-activity;sid:84156802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293703)"; flow:established,from_client; content:"GET"; http_method; content:"/a/r"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293703/; classtype:trojan-activity;sid:84156803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293699)"; flow:established,from_client; content:"GET"; http_method; content:"/a/d"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293699/; classtype:trojan-activity;sid:84156799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293700)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/t"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293700/; classtype:trojan-activity;sid:84156800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293701)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/u"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293701/; classtype:trojan-activity;sid:84156801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293697)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/e"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293697/; classtype:trojan-activity;sid:84156797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293698)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293698/; classtype:trojan-activity;sid:84156798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293695)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/h"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293695/; classtype:trojan-activity;sid:84156795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293696)"; flow:established,from_client; content:"GET"; http_method; content:"/a/l"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293696/; classtype:trojan-activity;sid:84156796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293684)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/v"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293684/; classtype:trojan-activity;sid:84156784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293685)"; flow:established,from_client; content:"GET"; http_method; content:"/a/splash.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293685/; classtype:trojan-activity;sid:84156785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293686)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/splash.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293686/; classtype:trojan-activity;sid:84156786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293687)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/l"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293687/; classtype:trojan-activity;sid:84156787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293688)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/z"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293688/; classtype:trojan-activity;sid:84156788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293689)"; flow:established,from_client; content:"GET"; http_method; content:"/a/bins.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293689/; classtype:trojan-activity;sid:84156789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293690)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yak.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293690/; classtype:trojan-activity;sid:84156790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293691)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/r"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293691/; classtype:trojan-activity;sid:84156791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293692)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/wget.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293692/; classtype:trojan-activity;sid:84156792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293693)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293693/; classtype:trojan-activity;sid:84156793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293694)"; flow:established,from_client; content:"GET"; http_method; content:"/a/u"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293694/; classtype:trojan-activity;sid:84156794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293682)"; flow:established,from_client; content:"GET"; http_method; content:"/a/h"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293682/; classtype:trojan-activity;sid:84156782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293683)"; flow:established,from_client; content:"GET"; http_method; content:"/a/wget"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293683/; classtype:trojan-activity;sid:84156783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293681)"; flow:established,from_client; content:"GET"; http_method; content:"/a/e"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293681/; classtype:trojan-activity;sid:84156781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293680)"; flow:established,from_client; content:"GET"; http_method; content:"/a/v"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293680/; classtype:trojan-activity;sid:84156780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293674)"; flow:established,from_client; content:"GET"; http_method; content:"/a/t"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293674/; classtype:trojan-activity;sid:84156774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293675)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/d"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293675/; classtype:trojan-activity;sid:84156775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293676)"; flow:established,from_client; content:"GET"; http_method; content:"/a/wget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293676/; classtype:trojan-activity;sid:84156776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293677)"; flow:established,from_client; content:"GET"; http_method; content:"/a/z"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293677/; classtype:trojan-activity;sid:84156777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293678)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/wget"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293678/; classtype:trojan-activity;sid:84156778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293679)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/bins.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.23.237.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293679/; classtype:trojan-activity;sid:84156779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.149.60.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293673/; classtype:trojan-activity;sid:84156773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.143.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293672/; classtype:trojan-activity;sid:84156772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.156.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293671/; classtype:trojan-activity;sid:84156771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.226.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293670/; classtype:trojan-activity;sid:84156770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.106.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293669/; classtype:trojan-activity;sid:84156769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.178.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293668/; classtype:trojan-activity;sid:84156768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.182.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293667/; classtype:trojan-activity;sid:84156767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.220.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293666/; classtype:trojan-activity;sid:84156766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.252.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293665/; classtype:trojan-activity;sid:84156765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.84.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293664/; classtype:trojan-activity;sid:84156764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293663/; classtype:trojan-activity;sid:84156763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293662)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.25.70.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293662/; classtype:trojan-activity;sid:84156762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.143.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293660/; classtype:trojan-activity;sid:84156760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.17.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293661/; classtype:trojan-activity;sid:84156761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.193.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293659/; classtype:trojan-activity;sid:84156759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293658/; classtype:trojan-activity;sid:84156758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.96.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293657/; classtype:trojan-activity;sid:84156757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.164.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293656/; classtype:trojan-activity;sid:84156756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.216.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293654/; classtype:trojan-activity;sid:84156754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.30.87"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293655/; classtype:trojan-activity;sid:84156755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.84.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293653/; classtype:trojan-activity;sid:84156753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.246.158.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293652/; classtype:trojan-activity;sid:84156752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293649)"; flow:established,from_client; content:"GET"; http_method; content:"/atom.xml"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"11-14hotelmain.blogspot.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293649/; classtype:trojan-activity;sid:84156749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293650)"; flow:established,from_client; content:"GET"; http_method; content:"///////chutmarao.pdf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"11-14hotelmain.blogspot.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293650/; classtype:trojan-activity;sid:84156750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293651)"; flow:established,from_client; content:"GET"; http_method; content:"/!api/2.0/snippets/chutiyamahi/edo85g/cdc8c03b4cba519a8be28c4c7a767299024471cb/files/mainhotel11-14.txt"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293651/; classtype:trojan-activity;sid:84156751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293648)"; flow:established,from_client; content:"GET"; http_method; content:"/ipfs/qmsyycjytmyo1dm2dwby6extmodmu1osbwtdmedtlreenc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"ipfs.io"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293648/; classtype:trojan-activity;sid:84156748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.100.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293647/; classtype:trojan-activity;sid:84156747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.111.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293646/; classtype:trojan-activity;sid:84156746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293645/; classtype:trojan-activity;sid:84156745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.187.17.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293644/; classtype:trojan-activity;sid:84156744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.136.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293643/; classtype:trojan-activity;sid:84156743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293642/; classtype:trojan-activity;sid:84156742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.230.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293641/; classtype:trojan-activity;sid:84156741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293640/; classtype:trojan-activity;sid:84156740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293639/; classtype:trojan-activity;sid:84156739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.97.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293638/; classtype:trojan-activity;sid:84156738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.227.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293637/; classtype:trojan-activity;sid:84156737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.107.228.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293636/; classtype:trojan-activity;sid:84156736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.97.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293635/; classtype:trojan-activity;sid:84156735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.52.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293634/; classtype:trojan-activity;sid:84156734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.8.109.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293633/; classtype:trojan-activity;sid:84156733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.91.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293632/; classtype:trojan-activity;sid:84156732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.97.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293631/; classtype:trojan-activity;sid:84156731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293630/; classtype:trojan-activity;sid:84156730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.5.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293629/; classtype:trojan-activity;sid:84156729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.48.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293628/; classtype:trojan-activity;sid:84156728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.109.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293627/; classtype:trojan-activity;sid:84156727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.26.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293626/; classtype:trojan-activity;sid:84156726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.0.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293625/; classtype:trojan-activity;sid:84156725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.243.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293624/; classtype:trojan-activity;sid:84156724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.237.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293623/; classtype:trojan-activity;sid:84156723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.148.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293622/; classtype:trojan-activity;sid:84156722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293621)"; flow:established,from_client; content:"GET"; http_method; content:"/l7vmra"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293621/; classtype:trojan-activity;sid:84156721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293620)"; flow:established,from_client; content:"GET"; http_method; content:"/l7vmra"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293620/; classtype:trojan-activity;sid:84156720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293619)"; flow:established,from_client; content:"GET"; http_method; content:"/chelentano.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"95.163.152.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293619/; classtype:trojan-activity;sid:84156719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293618)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.242.164.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293618/; classtype:trojan-activity;sid:84156718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.187.17.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293617/; classtype:trojan-activity;sid:84156717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.227.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293616/; classtype:trojan-activity;sid:84156716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.101.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293615/; classtype:trojan-activity;sid:84156715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.107.228.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293614/; classtype:trojan-activity;sid:84156714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.48.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293613/; classtype:trojan-activity;sid:84156713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293612/; classtype:trojan-activity;sid:84156712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.137.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293611/; classtype:trojan-activity;sid:84156711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293610/; classtype:trojan-activity;sid:84156710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.5.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293609/; classtype:trojan-activity;sid:84156709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.50.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293608/; classtype:trojan-activity;sid:84156708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.26.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293606/; classtype:trojan-activity;sid:84156706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.80.0.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293607/; classtype:trojan-activity;sid:84156707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293605/; classtype:trojan-activity;sid:84156705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.214.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293604/; classtype:trojan-activity;sid:84156704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.250.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293603/; classtype:trojan-activity;sid:84156703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.50.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293602/; classtype:trojan-activity;sid:84156702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.87.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293601/; classtype:trojan-activity;sid:84156701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.43.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293600/; classtype:trojan-activity;sid:84156700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.166.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293599/; classtype:trojan-activity;sid:84156699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.161.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293598/; classtype:trojan-activity;sid:84156698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.81.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293596/; classtype:trojan-activity;sid:84156696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.121.83.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293597/; classtype:trojan-activity;sid:84156697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.59.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293595/; classtype:trojan-activity;sid:84156695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.9.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293594/; classtype:trojan-activity;sid:84156694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.125.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293593/; classtype:trojan-activity;sid:84156693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.26.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293592/; classtype:trojan-activity;sid:84156692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.244.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293590/; classtype:trojan-activity;sid:84156690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293591/; classtype:trojan-activity;sid:84156691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293589/; classtype:trojan-activity;sid:84156689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.166.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293588/; classtype:trojan-activity;sid:84156688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.245.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293587/; classtype:trojan-activity;sid:84156687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.73.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293586/; classtype:trojan-activity;sid:84156686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.166.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293585/; classtype:trojan-activity;sid:84156685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293584/; classtype:trojan-activity;sid:84156684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.156.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293583/; classtype:trojan-activity;sid:84156683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.245.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293581/; classtype:trojan-activity;sid:84156681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.43.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293582/; classtype:trojan-activity;sid:84156682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.24.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293580/; classtype:trojan-activity;sid:84156680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.50.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293579/; classtype:trojan-activity;sid:84156679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.73.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293578/; classtype:trojan-activity;sid:84156678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.8.46.114"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293577/; classtype:trojan-activity;sid:84156677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293575)"; flow:established,from_client; content:"GET"; http_method; content:"/adb/arm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.202.35.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293575/; classtype:trojan-activity;sid:84156675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293576)"; flow:established,from_client; content:"GET"; http_method; content:"/adb/arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.202.35.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293576/; classtype:trojan-activity;sid:84156676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293573)"; flow:established,from_client; content:"GET"; http_method; content:"/adb/arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.202.35.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293573/; classtype:trojan-activity;sid:84156673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293574)"; flow:established,from_client; content:"GET"; http_method; content:"/adb/arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.202.35.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293574/; classtype:trojan-activity;sid:84156674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.244.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293572/; classtype:trojan-activity;sid:84156672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.244.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293571/; classtype:trojan-activity;sid:84156671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.136.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293570/; classtype:trojan-activity;sid:84156670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.226.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293569/; classtype:trojan-activity;sid:84156669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.59.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293568/; classtype:trojan-activity;sid:84156668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.154.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293567/; classtype:trojan-activity;sid:84156667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.230.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293566/; classtype:trojan-activity;sid:84156666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.226.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293565/; classtype:trojan-activity;sid:84156665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.179.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293564/; classtype:trojan-activity;sid:84156664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.166.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293563/; classtype:trojan-activity;sid:84156663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293562/; classtype:trojan-activity;sid:84156662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293561/; classtype:trojan-activity;sid:84156661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293560/; classtype:trojan-activity;sid:84156660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.157.144.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293559/; classtype:trojan-activity;sid:84156659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.174.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293556/; classtype:trojan-activity;sid:84156656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.172.0.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293557/; classtype:trojan-activity;sid:84156657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293558/; classtype:trojan-activity;sid:84156658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.214.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293555/; classtype:trojan-activity;sid:84156655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.58.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293554/; classtype:trojan-activity;sid:84156654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.107.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293553/; classtype:trojan-activity;sid:84156653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.25.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293552/; classtype:trojan-activity;sid:84156652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.14.3.170"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293551/; classtype:trojan-activity;sid:84156651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.73.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293550/; classtype:trojan-activity;sid:84156650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.24.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293549/; classtype:trojan-activity;sid:84156649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.82.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293548/; classtype:trojan-activity;sid:84156648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.36.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293545/; classtype:trojan-activity;sid:84156645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.255.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293546/; classtype:trojan-activity;sid:84156646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.15.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293547/; classtype:trojan-activity;sid:84156647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293544/; classtype:trojan-activity;sid:84156644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.0.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293543/; classtype:trojan-activity;sid:84156643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.144.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293542/; classtype:trojan-activity;sid:84156642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.5.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293541/; classtype:trojan-activity;sid:84156641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.25.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293540/; classtype:trojan-activity;sid:84156640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.253.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293539/; classtype:trojan-activity;sid:84156639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.58.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293538/; classtype:trojan-activity;sid:84156638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.176.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293537/; classtype:trojan-activity;sid:84156637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.173.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293536/; classtype:trojan-activity;sid:84156636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.193.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293535/; classtype:trojan-activity;sid:84156635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.15.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293534/; classtype:trojan-activity;sid:84156634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.161.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293533/; classtype:trojan-activity;sid:84156633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.94.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293532/; classtype:trojan-activity;sid:84156632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.131.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293531/; classtype:trojan-activity;sid:84156631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.100.248.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293530/; classtype:trojan-activity;sid:84156630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.202.246.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293529/; classtype:trojan-activity;sid:84156629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.107.25.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293528/; classtype:trojan-activity;sid:84156628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.199.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293526/; classtype:trojan-activity;sid:84156626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.89.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293527/; classtype:trojan-activity;sid:84156627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293525)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.33.239.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293525/; classtype:trojan-activity;sid:84156625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293524/; classtype:trojan-activity;sid:84156624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.19.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293523/; classtype:trojan-activity;sid:84156623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.253.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293522/; classtype:trojan-activity;sid:84156622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.199.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293521/; classtype:trojan-activity;sid:84156621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.31.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293520/; classtype:trojan-activity;sid:84156620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.103.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293518/; classtype:trojan-activity;sid:84156618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.107.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293519/; classtype:trojan-activity;sid:84156619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.255.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293517/; classtype:trojan-activity;sid:84156617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.193.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293516/; classtype:trojan-activity;sid:84156616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.170.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293515/; classtype:trojan-activity;sid:84156615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.94.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293514/; classtype:trojan-activity;sid:84156614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.180.38.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293513/; classtype:trojan-activity;sid:84156613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.58.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293511/; classtype:trojan-activity;sid:84156611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.125.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293512/; classtype:trojan-activity;sid:84156612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.150.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293510/; classtype:trojan-activity;sid:84156610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.52.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293508/; classtype:trojan-activity;sid:84156608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.131.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293509/; classtype:trojan-activity;sid:84156609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.125.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293507/; classtype:trojan-activity;sid:84156607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.161.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293506/; classtype:trojan-activity;sid:84156606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.189.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293505/; classtype:trojan-activity;sid:84156605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.252.205.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293504/; classtype:trojan-activity;sid:84156604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.190.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293503/; classtype:trojan-activity;sid:84156603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.8.194"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293501/; classtype:trojan-activity;sid:84156601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.44.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293502/; classtype:trojan-activity;sid:84156602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.199.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293500/; classtype:trojan-activity;sid:84156600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293499/; classtype:trojan-activity;sid:84156599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.80.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293496/; classtype:trojan-activity;sid:84156596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.219.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293497/; classtype:trojan-activity;sid:84156597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.76.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293498/; classtype:trojan-activity;sid:84156598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.89.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293494/; classtype:trojan-activity;sid:84156594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.176.101.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293495/; classtype:trojan-activity;sid:84156595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.241.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293493/; classtype:trojan-activity;sid:84156593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.39.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293492/; classtype:trojan-activity;sid:84156592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.159.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293491/; classtype:trojan-activity;sid:84156591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.216.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293490/; classtype:trojan-activity;sid:84156590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.150.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293489/; classtype:trojan-activity;sid:84156589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.122.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293488/; classtype:trojan-activity;sid:84156588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.44.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293487/; classtype:trojan-activity;sid:84156587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293486/; classtype:trojan-activity;sid:84156586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.126.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293485/; classtype:trojan-activity;sid:84156585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.20.228.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293484/; classtype:trojan-activity;sid:84156584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.190.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293483/; classtype:trojan-activity;sid:84156583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.104.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293482/; classtype:trojan-activity;sid:84156582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.39.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293481/; classtype:trojan-activity;sid:84156581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.92.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293480/; classtype:trojan-activity;sid:84156580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293479/; classtype:trojan-activity;sid:84156579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.127.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293478/; classtype:trojan-activity;sid:84156578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.107.25.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293477/; classtype:trojan-activity;sid:84156577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.238.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293476/; classtype:trojan-activity;sid:84156576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.17.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293475/; classtype:trojan-activity;sid:84156575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.8.194"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293474/; classtype:trojan-activity;sid:84156574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.216.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293472/; classtype:trojan-activity;sid:84156572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293473/; classtype:trojan-activity;sid:84156573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.108.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293470/; classtype:trojan-activity;sid:84156570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.184.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293471/; classtype:trojan-activity;sid:84156571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.71.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293469/; classtype:trojan-activity;sid:84156569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.28.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293468/; classtype:trojan-activity;sid:84156568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.25.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293467/; classtype:trojan-activity;sid:84156567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.230.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293466/; classtype:trojan-activity;sid:84156566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.164.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293465/; classtype:trojan-activity;sid:84156565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293464/; classtype:trojan-activity;sid:84156564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.24.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293463/; classtype:trojan-activity;sid:84156563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.41.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293462/; classtype:trojan-activity;sid:84156562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.21.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293460/; classtype:trojan-activity;sid:84156560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.114.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293461/; classtype:trojan-activity;sid:84156561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.172.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293459/; classtype:trojan-activity;sid:84156559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.26.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293458/; classtype:trojan-activity;sid:84156558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.167.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293457/; classtype:trojan-activity;sid:84156557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.172.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293456/; classtype:trojan-activity;sid:84156556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.173.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293455/; classtype:trojan-activity;sid:84156555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.28.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293454/; classtype:trojan-activity;sid:84156554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.122.255.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293453/; classtype:trojan-activity;sid:84156553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.25.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293451/; classtype:trojan-activity;sid:84156551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.49.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293452/; classtype:trojan-activity;sid:84156552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.87.177.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293449/; classtype:trojan-activity;sid:84156549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.35.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293450/; classtype:trojan-activity;sid:84156550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.124.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293448/; classtype:trojan-activity;sid:84156548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.92.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293447/; classtype:trojan-activity;sid:84156547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.17.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293446/; classtype:trojan-activity;sid:84156546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.41.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293445/; classtype:trojan-activity;sid:84156545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.14.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293444/; classtype:trojan-activity;sid:84156544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293443)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.47.16.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293443/; classtype:trojan-activity;sid:84156543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.99.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293442/; classtype:trojan-activity;sid:84156542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.66.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293441/; classtype:trojan-activity;sid:84156541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.114.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293440/; classtype:trojan-activity;sid:84156540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.196.118.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293439/; classtype:trojan-activity;sid:84156539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.82.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293438/; classtype:trojan-activity;sid:84156538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.24.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293437/; classtype:trojan-activity;sid:84156537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.101.37.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293436/; classtype:trojan-activity;sid:84156536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293435/; classtype:trojan-activity;sid:84156535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293434)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.15.61"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293434/; classtype:trojan-activity;sid:84156534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.16.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293433/; classtype:trojan-activity;sid:84156533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.102.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293432/; classtype:trojan-activity;sid:84156532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.201.111.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293431/; classtype:trojan-activity;sid:84156531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.71.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293430/; classtype:trojan-activity;sid:84156530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.203.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293429/; classtype:trojan-activity;sid:84156529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.75.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293428/; classtype:trojan-activity;sid:84156528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.35.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293427/; classtype:trojan-activity;sid:84156527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.122.255.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293425/; classtype:trojan-activity;sid:84156525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.87.177.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293426/; classtype:trojan-activity;sid:84156526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.87.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293423/; classtype:trojan-activity;sid:84156523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.94.191.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293424/; classtype:trojan-activity;sid:84156524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.92.185.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293422/; classtype:trojan-activity;sid:84156522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.207.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293421/; classtype:trojan-activity;sid:84156521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.196.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293420/; classtype:trojan-activity;sid:84156520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293418/; classtype:trojan-activity;sid:84156518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.59.153.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293419/; classtype:trojan-activity;sid:84156519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.210.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293417/; classtype:trojan-activity;sid:84156517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.20.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293416/; classtype:trojan-activity;sid:84156516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.51.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293415/; classtype:trojan-activity;sid:84156515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.8.208"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293414/; classtype:trojan-activity;sid:84156514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.99.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293413/; classtype:trojan-activity;sid:84156513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.42.127.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293412/; classtype:trojan-activity;sid:84156512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.228.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293411/; classtype:trojan-activity;sid:84156511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.94.67.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293410/; classtype:trojan-activity;sid:84156510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.102.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293409/; classtype:trojan-activity;sid:84156509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.210.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293408/; classtype:trojan-activity;sid:84156508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.207.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293407/; classtype:trojan-activity;sid:84156507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.227.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293406/; classtype:trojan-activity;sid:84156506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.255.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293405/; classtype:trojan-activity;sid:84156505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.196.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293404/; classtype:trojan-activity;sid:84156504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.59.153.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293402/; classtype:trojan-activity;sid:84156502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.95.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293403/; classtype:trojan-activity;sid:84156503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.20.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293401/; classtype:trojan-activity;sid:84156501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293400/; classtype:trojan-activity;sid:84156500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.106.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293399/; classtype:trojan-activity;sid:84156499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.51.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293398/; classtype:trojan-activity;sid:84156498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.201.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293397/; classtype:trojan-activity;sid:84156497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.230.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293396/; classtype:trojan-activity;sid:84156496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.183.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293395/; classtype:trojan-activity;sid:84156495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.228.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293394/; classtype:trojan-activity;sid:84156494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.5.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293393/; classtype:trojan-activity;sid:84156493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.238.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293392/; classtype:trojan-activity;sid:84156492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.47.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293390/; classtype:trojan-activity;sid:84156490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.232.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293391/; classtype:trojan-activity;sid:84156491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.141.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293389/; classtype:trojan-activity;sid:84156489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.32.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293388/; classtype:trojan-activity;sid:84156488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.64.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293387/; classtype:trojan-activity;sid:84156487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.150.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293386/; classtype:trojan-activity;sid:84156486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.184.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293384/; classtype:trojan-activity;sid:84156484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.26.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293385/; classtype:trojan-activity;sid:84156485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.43.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293383/; classtype:trojan-activity;sid:84156483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.62.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293382/; classtype:trojan-activity;sid:84156482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.47.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293381/; classtype:trojan-activity;sid:84156481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.153.213.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293379/; classtype:trojan-activity;sid:84156479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.125.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293380/; classtype:trojan-activity;sid:84156480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.76.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293378/; classtype:trojan-activity;sid:84156478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.5.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293377/; classtype:trojan-activity;sid:84156477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.49.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293375/; classtype:trojan-activity;sid:84156475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.97.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293376/; classtype:trojan-activity;sid:84156476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.7.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293374/; classtype:trojan-activity;sid:84156474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.16.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293373/; classtype:trojan-activity;sid:84156473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.213.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293372/; classtype:trojan-activity;sid:84156472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.78.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293371/; classtype:trojan-activity;sid:84156471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.106.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293370/; classtype:trojan-activity;sid:84156470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293369/; classtype:trojan-activity;sid:84156469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.184.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293368/; classtype:trojan-activity;sid:84156468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.124.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293367/; classtype:trojan-activity;sid:84156467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.30.87"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293366/; classtype:trojan-activity;sid:84156466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.114.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293365/; classtype:trojan-activity;sid:84156465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.125.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293364/; classtype:trojan-activity;sid:84156464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.121.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293363/; classtype:trojan-activity;sid:84156463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.23.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293361/; classtype:trojan-activity;sid:84156461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.232.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293362/; classtype:trojan-activity;sid:84156462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.26.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293360/; classtype:trojan-activity;sid:84156460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.62.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293358/; classtype:trojan-activity;sid:84156458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.33.218.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293359/; classtype:trojan-activity;sid:84156459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.110.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293357/; classtype:trojan-activity;sid:84156457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.105.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293356/; classtype:trojan-activity;sid:84156456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.86.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293355/; classtype:trojan-activity;sid:84156455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293353/; classtype:trojan-activity;sid:84156453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.78.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293354/; classtype:trojan-activity;sid:84156454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.227.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293352/; classtype:trojan-activity;sid:84156452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.198.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293351/; classtype:trojan-activity;sid:84156451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.8.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293350/; classtype:trojan-activity;sid:84156450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.108.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293349/; classtype:trojan-activity;sid:84156449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.130.68.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293348/; classtype:trojan-activity;sid:84156448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"96.33.218.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293347/; classtype:trojan-activity;sid:84156447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.235.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293346/; classtype:trojan-activity;sid:84156446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.113.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293345/; classtype:trojan-activity;sid:84156445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293344/; classtype:trojan-activity;sid:84156444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.110.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293343/; classtype:trojan-activity;sid:84156443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.222.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293342/; classtype:trojan-activity;sid:84156442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.125.241.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293341/; classtype:trojan-activity;sid:84156441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.198.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293340/; classtype:trojan-activity;sid:84156440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.138.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293339/; classtype:trojan-activity;sid:84156439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.89.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293338/; classtype:trojan-activity;sid:84156438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.19.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293337/; classtype:trojan-activity;sid:84156437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293336/; classtype:trojan-activity;sid:84156436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.163.25.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293335/; classtype:trojan-activity;sid:84156435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293334/; classtype:trojan-activity;sid:84156434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293333/; classtype:trojan-activity;sid:84156433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.60.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293332/; classtype:trojan-activity;sid:84156432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.8.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293331/; classtype:trojan-activity;sid:84156431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.109.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293330/; classtype:trojan-activity;sid:84156430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.138.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293329/; classtype:trojan-activity;sid:84156429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.230.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293328/; classtype:trojan-activity;sid:84156428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293327)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.103.104.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293327/; classtype:trojan-activity;sid:84156427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.242.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293325/; classtype:trojan-activity;sid:84156425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.125.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293326/; classtype:trojan-activity;sid:84156426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.64.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293324/; classtype:trojan-activity;sid:84156424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.233.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293323/; classtype:trojan-activity;sid:84156423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.10.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293321/; classtype:trojan-activity;sid:84156421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.86.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293322/; classtype:trojan-activity;sid:84156422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.50.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293320/; classtype:trojan-activity;sid:84156420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.124.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293319/; classtype:trojan-activity;sid:84156419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.137.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293318/; classtype:trojan-activity;sid:84156418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.83.27"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293317/; classtype:trojan-activity;sid:84156417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.92.209.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293316/; classtype:trojan-activity;sid:84156416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293315/; classtype:trojan-activity;sid:84156415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.109.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293314/; classtype:trojan-activity;sid:84156414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.77.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293313/; classtype:trojan-activity;sid:84156413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.60.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293312/; classtype:trojan-activity;sid:84156412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.5.194"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293311/; classtype:trojan-activity;sid:84156411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.138.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293310/; classtype:trojan-activity;sid:84156410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.244.91.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293309/; classtype:trojan-activity;sid:84156409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293308/; classtype:trojan-activity;sid:84156408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.10.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293307/; classtype:trojan-activity;sid:84156407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.233.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293306/; classtype:trojan-activity;sid:84156406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.77.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293305/; classtype:trojan-activity;sid:84156405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.184.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293304/; classtype:trojan-activity;sid:84156404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.64.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293303/; classtype:trojan-activity;sid:84156403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.144.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293302/; classtype:trojan-activity;sid:84156402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293301)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.217.56.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293301/; classtype:trojan-activity;sid:84156401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293300/; classtype:trojan-activity;sid:84156400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.57.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293298/; classtype:trojan-activity;sid:84156398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.180.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293299/; classtype:trojan-activity;sid:84156399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.207.39.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293297/; classtype:trojan-activity;sid:84156397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.93.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293296/; classtype:trojan-activity;sid:84156396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.21.174.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293295/; classtype:trojan-activity;sid:84156395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.25.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293294/; classtype:trojan-activity;sid:84156394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.166.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293293/; classtype:trojan-activity;sid:84156393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.171.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293292/; classtype:trojan-activity;sid:84156392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.139.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293291/; classtype:trojan-activity;sid:84156391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.40.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293290/; classtype:trojan-activity;sid:84156390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.137.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293289/; classtype:trojan-activity;sid:84156389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.180.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293287/; classtype:trojan-activity;sid:84156387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.72.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293288/; classtype:trojan-activity;sid:84156388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.139.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293286/; classtype:trojan-activity;sid:84156386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.236.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293284/; classtype:trojan-activity;sid:84156384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.93.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293285/; classtype:trojan-activity;sid:84156385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.15.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293283/; classtype:trojan-activity;sid:84156383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.213.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293282/; classtype:trojan-activity;sid:84156382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.116.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293281/; classtype:trojan-activity;sid:84156381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.137.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293280/; classtype:trojan-activity;sid:84156380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.89.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293279/; classtype:trojan-activity;sid:84156379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.145.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293278/; classtype:trojan-activity;sid:84156378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.188.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293277/; classtype:trojan-activity;sid:84156377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.139.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293276/; classtype:trojan-activity;sid:84156376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.49.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293275/; classtype:trojan-activity;sid:84156375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.139.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293274/; classtype:trojan-activity;sid:84156374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.205.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293272/; classtype:trojan-activity;sid:84156372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.25.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293273/; classtype:trojan-activity;sid:84156373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.236.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293271/; classtype:trojan-activity;sid:84156371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.116.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293270/; classtype:trojan-activity;sid:84156370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.24.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293268/; classtype:trojan-activity;sid:84156368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.72.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293269/; classtype:trojan-activity;sid:84156369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.82.134.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293267/; classtype:trojan-activity;sid:84156367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.209.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293266/; classtype:trojan-activity;sid:84156366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.32.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293264/; classtype:trojan-activity;sid:84156364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.5.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293265/; classtype:trojan-activity;sid:84156365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.255.133.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293263/; classtype:trojan-activity;sid:84156363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.109.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293262/; classtype:trojan-activity;sid:84156362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.240.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293261/; classtype:trojan-activity;sid:84156361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.175.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293260/; classtype:trojan-activity;sid:84156360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.249.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293259/; classtype:trojan-activity;sid:84156359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.188.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293258/; classtype:trojan-activity;sid:84156358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.103.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293257/; classtype:trojan-activity;sid:84156357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.5.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293256/; classtype:trojan-activity;sid:84156356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.105.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293255/; classtype:trojan-activity;sid:84156355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.69.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293254/; classtype:trojan-activity;sid:84156354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.3.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293253/; classtype:trojan-activity;sid:84156353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.1.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293252/; classtype:trojan-activity;sid:84156352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.4.177"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293251/; classtype:trojan-activity;sid:84156351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293250)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.160.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293250/; classtype:trojan-activity;sid:84156350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.75.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293249/; classtype:trojan-activity;sid:84156349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.32.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293248/; classtype:trojan-activity;sid:84156348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.240.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293247/; classtype:trojan-activity;sid:84156347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293246/; classtype:trojan-activity;sid:84156346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.73.234.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293245/; classtype:trojan-activity;sid:84156345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.69.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293244/; classtype:trojan-activity;sid:84156344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.134.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293243/; classtype:trojan-activity;sid:84156343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293242)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.251.20.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293242/; classtype:trojan-activity;sid:84156342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.31.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293241/; classtype:trojan-activity;sid:84156341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.147.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293240/; classtype:trojan-activity;sid:84156340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.90.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293239/; classtype:trojan-activity;sid:84156339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.82.134.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293238/; classtype:trojan-activity;sid:84156338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.134.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293237/; classtype:trojan-activity;sid:84156337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.114.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293236/; classtype:trojan-activity;sid:84156336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.147.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293235/; classtype:trojan-activity;sid:84156335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.109.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293234/; classtype:trojan-activity;sid:84156334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.181.237.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293233/; classtype:trojan-activity;sid:84156333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.132.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293232/; classtype:trojan-activity;sid:84156332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.63.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293231/; classtype:trojan-activity;sid:84156331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293230)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.224.3.245"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293230/; classtype:trojan-activity;sid:84156330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.114.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293229/; classtype:trojan-activity;sid:84156329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.59.154.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293228/; classtype:trojan-activity;sid:84156328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.68.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293227/; classtype:trojan-activity;sid:84156327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.114.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293226/; classtype:trojan-activity;sid:84156326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.215.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293224/; classtype:trojan-activity;sid:84156324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293225/; classtype:trojan-activity;sid:84156325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.8.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293222/; classtype:trojan-activity;sid:84156322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.177.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293223/; classtype:trojan-activity;sid:84156323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.138.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293221/; classtype:trojan-activity;sid:84156321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.114.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293220/; classtype:trojan-activity;sid:84156320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.26.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293219/; classtype:trojan-activity;sid:84156319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.87.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293218/; classtype:trojan-activity;sid:84156318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.109.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293217/; classtype:trojan-activity;sid:84156317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.48.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293216/; classtype:trojan-activity;sid:84156316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.246.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293215/; classtype:trojan-activity;sid:84156315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.62.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293214/; classtype:trojan-activity;sid:84156314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.139.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293213/; classtype:trojan-activity;sid:84156313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293212/; classtype:trojan-activity;sid:84156312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.153.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293211/; classtype:trojan-activity;sid:84156311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.7.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293210/; classtype:trojan-activity;sid:84156310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.201.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293209/; classtype:trojan-activity;sid:84156309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.132.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293208/; classtype:trojan-activity;sid:84156308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.63.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293207/; classtype:trojan-activity;sid:84156307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293206/; classtype:trojan-activity;sid:84156306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.62.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293205/; classtype:trojan-activity;sid:84156305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.224.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293203/; classtype:trojan-activity;sid:84156303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293204/; classtype:trojan-activity;sid:84156304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.153.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293202/; classtype:trojan-activity;sid:84156302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.139.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293201/; classtype:trojan-activity;sid:84156301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.224.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293200/; classtype:trojan-activity;sid:84156300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.209.79.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293199/; classtype:trojan-activity;sid:84156299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.21.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293198/; classtype:trojan-activity;sid:84156298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.176.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293197/; classtype:trojan-activity;sid:84156297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.85.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293196/; classtype:trojan-activity;sid:84156296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293195/; classtype:trojan-activity;sid:84156295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.55.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293194/; classtype:trojan-activity;sid:84156294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.21.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293193/; classtype:trojan-activity;sid:84156293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.96.27"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293192/; classtype:trojan-activity;sid:84156292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.41.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293191/; classtype:trojan-activity;sid:84156291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.87.124"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293190/; classtype:trojan-activity;sid:84156290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.60.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293189/; classtype:trojan-activity;sid:84156289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.10.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293188/; classtype:trojan-activity;sid:84156288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.98.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293187/; classtype:trojan-activity;sid:84156287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.62.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293186/; classtype:trojan-activity;sid:84156286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.86.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293185/; classtype:trojan-activity;sid:84156285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.21.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293184/; classtype:trojan-activity;sid:84156284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293183/; classtype:trojan-activity;sid:84156283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.40.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293182/; classtype:trojan-activity;sid:84156282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.176.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293181/; classtype:trojan-activity;sid:84156281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.50.241.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293180/; classtype:trojan-activity;sid:84156280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293179/; classtype:trojan-activity;sid:84156279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.180.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293178/; classtype:trojan-activity;sid:84156278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.37.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293177/; classtype:trojan-activity;sid:84156277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.32.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293176/; classtype:trojan-activity;sid:84156276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293175/; classtype:trojan-activity;sid:84156275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.109.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293173/; classtype:trojan-activity;sid:84156273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.40.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293174/; classtype:trojan-activity;sid:84156274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.136.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293172/; classtype:trojan-activity;sid:84156272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.87.124"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293171/; classtype:trojan-activity;sid:84156271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.60.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293170/; classtype:trojan-activity;sid:84156270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.136.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293169/; classtype:trojan-activity;sid:84156269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.219.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293168/; classtype:trojan-activity;sid:84156268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.85.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293167/; classtype:trojan-activity;sid:84156267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.229.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293166/; classtype:trojan-activity;sid:84156266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.27.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293165/; classtype:trojan-activity;sid:84156265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.255.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293164/; classtype:trojan-activity;sid:84156264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.180.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293163/; classtype:trojan-activity;sid:84156263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.220.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293162/; classtype:trojan-activity;sid:84156262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.109.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293161/; classtype:trojan-activity;sid:84156261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293160)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.181.28.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293160/; classtype:trojan-activity;sid:84156260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.43.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293159/; classtype:trojan-activity;sid:84156259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.40.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293158/; classtype:trojan-activity;sid:84156258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.63.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293157/; classtype:trojan-activity;sid:84156257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.204.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293156/; classtype:trojan-activity;sid:84156256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.216.205.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293155/; classtype:trojan-activity;sid:84156255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.187.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293154/; classtype:trojan-activity;sid:84156254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.85.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293153/; classtype:trojan-activity;sid:84156253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293152/; classtype:trojan-activity;sid:84156252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293151/; classtype:trojan-activity;sid:84156251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.31.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293150/; classtype:trojan-activity;sid:84156250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.255.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293149/; classtype:trojan-activity;sid:84156249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.205.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293148/; classtype:trojan-activity;sid:84156248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.187.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293147/; classtype:trojan-activity;sid:84156247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.90.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293146/; classtype:trojan-activity;sid:84156246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.112.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293145/; classtype:trojan-activity;sid:84156245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.152.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293144/; classtype:trojan-activity;sid:84156244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.66.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293143/; classtype:trojan-activity;sid:84156243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.112.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293142/; classtype:trojan-activity;sid:84156242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.60.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293141/; classtype:trojan-activity;sid:84156241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.183.131.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293140/; classtype:trojan-activity;sid:84156240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.205.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293138/; classtype:trojan-activity;sid:84156238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.209.79.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293139/; classtype:trojan-activity;sid:84156239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.29.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293137/; classtype:trojan-activity;sid:84156237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.60.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293136/; classtype:trojan-activity;sid:84156236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.130.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293135/; classtype:trojan-activity;sid:84156235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.33.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293134/; classtype:trojan-activity;sid:84156234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.156.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293133/; classtype:trojan-activity;sid:84156233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.1.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293132/; classtype:trojan-activity;sid:84156232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.18.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293131/; classtype:trojan-activity;sid:84156231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.16.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293130/; classtype:trojan-activity;sid:84156230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.191.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293129/; classtype:trojan-activity;sid:84156229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.116.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293128/; classtype:trojan-activity;sid:84156228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.103.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293127/; classtype:trojan-activity;sid:84156227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.98.9.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293126/; classtype:trojan-activity;sid:84156226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.64.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293125/; classtype:trojan-activity;sid:84156225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.200.227.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293123/; classtype:trojan-activity;sid:84156223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.144.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293124/; classtype:trojan-activity;sid:84156224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.15.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293122/; classtype:trojan-activity;sid:84156222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293121/; classtype:trojan-activity;sid:84156221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.191.154.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293120/; classtype:trojan-activity;sid:84156220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.184.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293118/; classtype:trojan-activity;sid:84156218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.146.37.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293119/; classtype:trojan-activity;sid:84156219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.181.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293117/; classtype:trojan-activity;sid:84156217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293116/; classtype:trojan-activity;sid:84156216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.29.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293115/; classtype:trojan-activity;sid:84156215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.130.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293114/; classtype:trojan-activity;sid:84156214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.184.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293113/; classtype:trojan-activity;sid:84156213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.234.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293112/; classtype:trojan-activity;sid:84156212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293110)"; flow:established,from_client; content:"GET"; http_method; content:"/go"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293110/; classtype:trojan-activity;sid:84156210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293111)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293111/; classtype:trojan-activity;sid:84156211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293109)"; flow:established,from_client; content:"GET"; http_method; content:"/zgp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.213.187.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293109/; classtype:trojan-activity;sid:84156209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293108/; classtype:trojan-activity;sid:84156208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.56.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293107/; classtype:trojan-activity;sid:84156207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.146.37.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293106/; classtype:trojan-activity;sid:84156206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.182.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293105/; classtype:trojan-activity;sid:84156205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.253.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293104/; classtype:trojan-activity;sid:84156204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.234.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293103/; classtype:trojan-activity;sid:84156203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293102)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"137.184.54.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293102/; classtype:trojan-activity;sid:84156202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293101)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"devapi.wenano.app"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293101/; classtype:trojan-activity;sid:84156201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293099)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb11"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"devapi.wenano.app"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293099/; classtype:trojan-activity;sid:84156199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293100)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb3"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"devapi.wenano.app"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293100/; classtype:trojan-activity;sid:84156200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293089)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"devapi.wenano.app"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293089/; classtype:trojan-activity;sid:84156189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293090)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"devapi.wenano.app"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293090/; classtype:trojan-activity;sid:84156190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293091)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb10"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"devapi.wenano.app"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293091/; classtype:trojan-activity;sid:84156191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293092)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb1"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"devapi.wenano.app"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293092/; classtype:trojan-activity;sid:84156192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293093)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"devapi.wenano.app"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293093/; classtype:trojan-activity;sid:84156193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293094)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"devapi.wenano.app"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293094/; classtype:trojan-activity;sid:84156194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293095)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb2"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"devapi.wenano.app"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293095/; classtype:trojan-activity;sid:84156195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293096)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb8"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"devapi.wenano.app"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293096/; classtype:trojan-activity;sid:84156196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293097)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"devapi.wenano.app"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293097/; classtype:trojan-activity;sid:84156197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293098)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"devapi.wenano.app"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293098/; classtype:trojan-activity;sid:84156198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.130.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293088/; classtype:trojan-activity;sid:84156188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293087)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"137.184.54.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293087/; classtype:trojan-activity;sid:84156187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293086/; classtype:trojan-activity;sid:84156186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.31.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293085/; classtype:trojan-activity;sid:84156185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.59.153.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293084/; classtype:trojan-activity;sid:84156184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.182.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293083/; classtype:trojan-activity;sid:84156183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.244.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293082/; classtype:trojan-activity;sid:84156182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.15.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293081/; classtype:trojan-activity;sid:84156181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.76.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293080/; classtype:trojan-activity;sid:84156180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.191.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293079/; classtype:trojan-activity;sid:84156179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.18.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293078/; classtype:trojan-activity;sid:84156178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.56.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293077/; classtype:trojan-activity;sid:84156177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.149.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293076/; classtype:trojan-activity;sid:84156176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.119.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293075/; classtype:trojan-activity;sid:84156175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.24.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293074/; classtype:trojan-activity;sid:84156174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.244.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293073/; classtype:trojan-activity;sid:84156173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.79.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293072/; classtype:trojan-activity;sid:84156172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.59.153.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293071/; classtype:trojan-activity;sid:84156171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.178.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293070/; classtype:trojan-activity;sid:84156170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.24.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293069/; classtype:trojan-activity;sid:84156169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.206.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293068/; classtype:trojan-activity;sid:84156168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.79.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293067/; classtype:trojan-activity;sid:84156167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.191.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293066/; classtype:trojan-activity;sid:84156166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293065/; classtype:trojan-activity;sid:84156165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.63.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293064/; classtype:trojan-activity;sid:84156164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.15.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293063/; classtype:trojan-activity;sid:84156163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.206.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293062/; classtype:trojan-activity;sid:84156162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.193.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293061/; classtype:trojan-activity;sid:84156161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293060/; classtype:trojan-activity;sid:84156160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.227.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293059/; classtype:trojan-activity;sid:84156159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293058)"; flow:established,from_client; content:"GET"; http_method; content:"/ftsp.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"previews-belgium-achieved-driving.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293058/; classtype:trojan-activity;sid:84156158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293057)"; flow:established,from_client; content:"GET"; http_method; content:"/ftsp.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fit-retired-athletics-marathon.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293057/; classtype:trojan-activity;sid:84156157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293055)"; flow:established,from_client; content:"GET"; http_method; content:"/cam.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fit-retired-athletics-marathon.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293055/; classtype:trojan-activity;sid:84156155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293056)"; flow:established,from_client; content:"GET"; http_method; content:"/cam.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"previews-belgium-achieved-driving.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293056/; classtype:trojan-activity;sid:84156156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293054)"; flow:established,from_client; content:"GET"; http_method; content:"/dxjs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"previews-belgium-achieved-driving.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293054/; classtype:trojan-activity;sid:84156154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293051)"; flow:established,from_client; content:"GET"; http_method; content:"/dxjs2.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"previews-belgium-achieved-driving.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293051/; classtype:trojan-activity;sid:84156151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293052)"; flow:established,from_client; content:"GET"; http_method; content:"/bab.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"previews-belgium-achieved-driving.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293052/; classtype:trojan-activity;sid:84156152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293053)"; flow:established,from_client; content:"GET"; http_method; content:"/dxjs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fit-retired-athletics-marathon.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293053/; classtype:trojan-activity;sid:84156153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293050)"; flow:established,from_client; content:"GET"; http_method; content:"/dxjs2.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fit-retired-athletics-marathon.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293050/; classtype:trojan-activity;sid:84156150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293049)"; flow:established,from_client; content:"GET"; http_method; content:"/bab.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fit-retired-athletics-marathon.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293049/; classtype:trojan-activity;sid:84156149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293046)"; flow:established,from_client; content:"GET"; http_method; content:"/startupppp.bat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fit-retired-athletics-marathon.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293046/; classtype:trojan-activity;sid:84156146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293047)"; flow:established,from_client; content:"GET"; http_method; content:"/new.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"previews-belgium-achieved-driving.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293047/; classtype:trojan-activity;sid:84156147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293048)"; flow:established,from_client; content:"GET"; http_method; content:"/new.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fit-retired-athletics-marathon.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293048/; classtype:trojan-activity;sid:84156148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293043)"; flow:established,from_client; content:"GET"; http_method; content:"/startupppp.bat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"previews-belgium-achieved-driving.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293043/; classtype:trojan-activity;sid:84156143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293044)"; flow:established,from_client; content:"GET"; http_method; content:"/new.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fit-retired-athletics-marathon.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293044/; classtype:trojan-activity;sid:84156144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293045)"; flow:established,from_client; content:"GET"; http_method; content:"/new.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"previews-belgium-achieved-driving.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293045/; classtype:trojan-activity;sid:84156145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.100.213.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293042/; classtype:trojan-activity;sid:84156142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.63.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293041/; classtype:trojan-activity;sid:84156141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.191.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293040/; classtype:trojan-activity;sid:84156140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.206.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293039/; classtype:trojan-activity;sid:84156139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293038/; classtype:trojan-activity;sid:84156138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.205.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293037/; classtype:trojan-activity;sid:84156137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293036/; classtype:trojan-activity;sid:84156136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.27.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293035/; classtype:trojan-activity;sid:84156135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.233.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293034/; classtype:trojan-activity;sid:84156134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.182.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293033/; classtype:trojan-activity;sid:84156133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.206.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293032/; classtype:trojan-activity;sid:84156132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.12.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293031/; classtype:trojan-activity;sid:84156131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293030/; classtype:trojan-activity;sid:84156130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.136.97.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293029/; classtype:trojan-activity;sid:84156129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.135.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293028/; classtype:trojan-activity;sid:84156128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.193.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293027/; classtype:trojan-activity;sid:84156127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.63.247.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293026/; classtype:trojan-activity;sid:84156126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.11.56.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293025/; classtype:trojan-activity;sid:84156125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.80.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293022/; classtype:trojan-activity;sid:84156122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.46.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293023/; classtype:trojan-activity;sid:84156123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293024)"; flow:established,from_client; content:"GET"; http_method; content:"/labxmtznbcwjnkndg58.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mertvinc.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293024/; classtype:trojan-activity;sid:84156124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293021)"; flow:established,from_client; content:"GET"; http_method; content:"/egjusgc103.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.109.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293021/; classtype:trojan-activity;sid:84156121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.102.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293020/; classtype:trojan-activity;sid:84156120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.14.3.170"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293019/; classtype:trojan-activity;sid:84156119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.27.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293018/; classtype:trojan-activity;sid:84156118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.5.50.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293017/; classtype:trojan-activity;sid:84156117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293016)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.64.128.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293016/; classtype:trojan-activity;sid:84156116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.20.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293015/; classtype:trojan-activity;sid:84156115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.3.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293014/; classtype:trojan-activity;sid:84156114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.182.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293013/; classtype:trojan-activity;sid:84156113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.183.165.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293012/; classtype:trojan-activity;sid:84156112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.40.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293011/; classtype:trojan-activity;sid:84156111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293010/; classtype:trojan-activity;sid:84156110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.155.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293009/; classtype:trojan-activity;sid:84156109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.89.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293008/; classtype:trojan-activity;sid:84156108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.155.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293007/; classtype:trojan-activity;sid:84156107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.36.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293006/; classtype:trojan-activity;sid:84156106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.100.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293005/; classtype:trojan-activity;sid:84156105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.171.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293004/; classtype:trojan-activity;sid:84156104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.67.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293003/; classtype:trojan-activity;sid:84156103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.242.82.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293002/; classtype:trojan-activity;sid:84156102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.217.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293001/; classtype:trojan-activity;sid:84156101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.152.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293000/; classtype:trojan-activity;sid:84156100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.3.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292999/; classtype:trojan-activity;sid:84156099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.86.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292997/; classtype:trojan-activity;sid:84156097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.50.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292998/; classtype:trojan-activity;sid:84156098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292996/; classtype:trojan-activity;sid:84156096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.103.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292995/; classtype:trojan-activity;sid:84156095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.20.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292994/; classtype:trojan-activity;sid:84156094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.105.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292993/; classtype:trojan-activity;sid:84156093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.46.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292992/; classtype:trojan-activity;sid:84156092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292991/; classtype:trojan-activity;sid:84156091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.254.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292990/; classtype:trojan-activity;sid:84156090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.14.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292989/; classtype:trojan-activity;sid:84156089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.113.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292988/; classtype:trojan-activity;sid:84156088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.67.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292987/; classtype:trojan-activity;sid:84156087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.81.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292986/; classtype:trojan-activity;sid:84156086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.15.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292985/; classtype:trojan-activity;sid:84156085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.173.86.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292983/; classtype:trojan-activity;sid:84156083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.186.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292984/; classtype:trojan-activity;sid:84156084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.152.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292982/; classtype:trojan-activity;sid:84156082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.155.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292981/; classtype:trojan-activity;sid:84156081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292980/; classtype:trojan-activity;sid:84156080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.81.151"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292979/; classtype:trojan-activity;sid:84156079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.113.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292978/; classtype:trojan-activity;sid:84156078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.217.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292977/; classtype:trojan-activity;sid:84156077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292976/; classtype:trojan-activity;sid:84156076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.157.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292975/; classtype:trojan-activity;sid:84156075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.0.136.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292974/; classtype:trojan-activity;sid:84156074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.14.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292973/; classtype:trojan-activity;sid:84156073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.197.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292972/; classtype:trojan-activity;sid:84156072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.254.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292971/; classtype:trojan-activity;sid:84156071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.188.185.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292970/; classtype:trojan-activity;sid:84156070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.173.86.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292969/; classtype:trojan-activity;sid:84156069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.168.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292968/; classtype:trojan-activity;sid:84156068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.186.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292967/; classtype:trojan-activity;sid:84156067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.232.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292965/; classtype:trojan-activity;sid:84156065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.13.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292966/; classtype:trojan-activity;sid:84156066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.87.120.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292964/; classtype:trojan-activity;sid:84156064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.80.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292963/; classtype:trojan-activity;sid:84156063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.197.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292962/; classtype:trojan-activity;sid:84156062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.81.151"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292960/; classtype:trojan-activity;sid:84156060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.171.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292961/; classtype:trojan-activity;sid:84156061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.80.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292959/; classtype:trojan-activity;sid:84156059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.168.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292958/; classtype:trojan-activity;sid:84156058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.249.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292957/; classtype:trojan-activity;sid:84156057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.192.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292956/; classtype:trojan-activity;sid:84156056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.107.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292955/; classtype:trojan-activity;sid:84156055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.91.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292954/; classtype:trojan-activity;sid:84156054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.86.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292953/; classtype:trojan-activity;sid:84156053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.209.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292952/; classtype:trojan-activity;sid:84156052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.188.185.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292951/; classtype:trojan-activity;sid:84156051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292950/; classtype:trojan-activity;sid:84156050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.91.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292949/; classtype:trojan-activity;sid:84156049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292941)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292941/; classtype:trojan-activity;sid:84156041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292942)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292942/; classtype:trojan-activity;sid:84156042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292943)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292943/; classtype:trojan-activity;sid:84156043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292944)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292944/; classtype:trojan-activity;sid:84156044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292945)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292945/; classtype:trojan-activity;sid:84156045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292946)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292946/; classtype:trojan-activity;sid:84156046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292947)"; flow:established,from_client; content:"GET"; http_method; content:"/z"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292947/; classtype:trojan-activity;sid:84156047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.56.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292948/; classtype:trojan-activity;sid:84156048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292932)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292932/; classtype:trojan-activity;sid:84156032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292933)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292933/; classtype:trojan-activity;sid:84156033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292934)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292934/; classtype:trojan-activity;sid:84156034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292935)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292935/; classtype:trojan-activity;sid:84156035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292936)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292936/; classtype:trojan-activity;sid:84156036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292937)"; flow:established,from_client; content:"GET"; http_method; content:"/yak.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292937/; classtype:trojan-activity;sid:84156037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292938)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i686"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292938/; classtype:trojan-activity;sid:84156038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292939)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292939/; classtype:trojan-activity;sid:84156039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292940)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292940/; classtype:trojan-activity;sid:84156040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292931)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292931/; classtype:trojan-activity;sid:84156031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.171.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292930/; classtype:trojan-activity;sid:84156030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292929)"; flow:established,from_client; content:"GET"; http_method; content:"/v"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292929/; classtype:trojan-activity;sid:84156029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292927)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292927/; classtype:trojan-activity;sid:84156027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.219.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292928/; classtype:trojan-activity;sid:84156028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292926)"; flow:established,from_client; content:"GET"; http_method; content:"/u"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292926/; classtype:trojan-activity;sid:84156026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292924)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292924/; classtype:trojan-activity;sid:84156024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292925)"; flow:established,from_client; content:"GET"; http_method; content:"/splash.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292925/; classtype:trojan-activity;sid:84156025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292923/; classtype:trojan-activity;sid:84156023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292920)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.sparc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292920/; classtype:trojan-activity;sid:84156020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292921)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292921/; classtype:trojan-activity;sid:84156021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292922)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292922/; classtype:trojan-activity;sid:84156022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.113.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292919/; classtype:trojan-activity;sid:84156019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.126.130.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292918/; classtype:trojan-activity;sid:84156018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292910)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292910/; classtype:trojan-activity;sid:84156010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292911)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292911/; classtype:trojan-activity;sid:84156011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292912)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292912/; classtype:trojan-activity;sid:84156012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292913)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292913/; classtype:trojan-activity;sid:84156013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292914)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292914/; classtype:trojan-activity;sid:84156014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292915)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.i586"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292915/; classtype:trojan-activity;sid:84156015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292916)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292916/; classtype:trojan-activity;sid:84156016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292917)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292917/; classtype:trojan-activity;sid:84156017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292909)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292909/; classtype:trojan-activity;sid:84156009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292908)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292908/; classtype:trojan-activity;sid:84156008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292907)"; flow:established,from_client; content:"GET"; http_method; content:"/necr0.py"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292907/; classtype:trojan-activity;sid:84156007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292903)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292903/; classtype:trojan-activity;sid:84156003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292904)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.arm4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292904/; classtype:trojan-activity;sid:84156004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292905)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292905/; classtype:trojan-activity;sid:84156005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292902)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292902/; classtype:trojan-activity;sid:84156002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292899)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292899/; classtype:trojan-activity;sid:84155999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292900)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292900/; classtype:trojan-activity;sid:84156000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292901)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292901/; classtype:trojan-activity;sid:84156001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292897)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292897/; classtype:trojan-activity;sid:84155997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292898)"; flow:established,from_client; content:"GET"; http_method; content:"/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292898/; classtype:trojan-activity;sid:84155998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292878)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292878/; classtype:trojan-activity;sid:84155978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292879)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292879/; classtype:trojan-activity;sid:84155979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292880)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.i586"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292880/; classtype:trojan-activity;sid:84155980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292881)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292881/; classtype:trojan-activity;sid:84155981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292882)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292882/; classtype:trojan-activity;sid:84155982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292883)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292883/; classtype:trojan-activity;sid:84155983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292884)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292884/; classtype:trojan-activity;sid:84155984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292885)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292885/; classtype:trojan-activity;sid:84155985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292886)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.sparc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292886/; classtype:trojan-activity;sid:84155986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292887)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292887/; classtype:trojan-activity;sid:84155987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292888)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292888/; classtype:trojan-activity;sid:84155988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292889)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292889/; classtype:trojan-activity;sid:84155989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292890)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.mipsel"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292890/; classtype:trojan-activity;sid:84155990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292891)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292891/; classtype:trojan-activity;sid:84155991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292892)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292892/; classtype:trojan-activity;sid:84155992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292893)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292893/; classtype:trojan-activity;sid:84155993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292894)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292894/; classtype:trojan-activity;sid:84155994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292895)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292895/; classtype:trojan-activity;sid:84155995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292896)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.i686"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292896/; classtype:trojan-activity;sid:84155996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292877)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292877/; classtype:trojan-activity;sid:84155977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292874)"; flow:established,from_client; content:"GET"; http_method; content:"/h"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292874/; classtype:trojan-activity;sid:84155974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292875)"; flow:established,from_client; content:"GET"; http_method; content:"/c1.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292875/; classtype:trojan-activity;sid:84155975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292876)"; flow:established,from_client; content:"GET"; http_method; content:"/get.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292876/; classtype:trojan-activity;sid:84155976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292872)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292872/; classtype:trojan-activity;sid:84155972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292873)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292873/; classtype:trojan-activity;sid:84155973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292868)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292868/; classtype:trojan-activity;sid:84155968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292869)"; flow:established,from_client; content:"GET"; http_method; content:"/e"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292869/; classtype:trojan-activity;sid:84155969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292870)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292870/; classtype:trojan-activity;sid:84155970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292871)"; flow:established,from_client; content:"GET"; http_method; content:"/c1"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292871/; classtype:trojan-activity;sid:84155971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.6.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292866/; classtype:trojan-activity;sid:84155966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.164.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292865/; classtype:trojan-activity;sid:84155965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292864/; classtype:trojan-activity;sid:84155964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.137.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292863/; classtype:trojan-activity;sid:84155963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292862)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/bins.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292862/; classtype:trojan-activity;sid:84155962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.56.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292861/; classtype:trojan-activity;sid:84155961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292857)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292857/; classtype:trojan-activity;sid:84155957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292858)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/t"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292858/; classtype:trojan-activity;sid:84155958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292859)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292859/; classtype:trojan-activity;sid:84155959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292860)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292860/; classtype:trojan-activity;sid:84155960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292838)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/r"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292838/; classtype:trojan-activity;sid:84155938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292839)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/d"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292839/; classtype:trojan-activity;sid:84155939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292840)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292840/; classtype:trojan-activity;sid:84155940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292841)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/v"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292841/; classtype:trojan-activity;sid:84155941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292842)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292842/; classtype:trojan-activity;sid:84155942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292843)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/z"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292843/; classtype:trojan-activity;sid:84155943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292844)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/wget"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292844/; classtype:trojan-activity;sid:84155944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292845)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292845/; classtype:trojan-activity;sid:84155945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292846)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/splash.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292846/; classtype:trojan-activity;sid:84155946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292847)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292847/; classtype:trojan-activity;sid:84155947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292848)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/h"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292848/; classtype:trojan-activity;sid:84155948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292849)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/l"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292849/; classtype:trojan-activity;sid:84155949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292850)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292850/; classtype:trojan-activity;sid:84155950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292851)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/e"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292851/; classtype:trojan-activity;sid:84155951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292852)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/wget.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292852/; classtype:trojan-activity;sid:84155952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292853)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292853/; classtype:trojan-activity;sid:84155953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292854)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/u"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292854/; classtype:trojan-activity;sid:84155954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292855)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292855/; classtype:trojan-activity;sid:84155955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292856)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292856/; classtype:trojan-activity;sid:84155956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292822)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292822/; classtype:trojan-activity;sid:84155922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292823)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292823/; classtype:trojan-activity;sid:84155923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292824)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.gponfiber"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292824/; classtype:trojan-activity;sid:84155924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292825)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292825/; classtype:trojan-activity;sid:84155925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292826)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292826/; classtype:trojan-activity;sid:84155926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292827)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292827/; classtype:trojan-activity;sid:84155927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292828)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292828/; classtype:trojan-activity;sid:84155928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292829)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.mipsel"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292829/; classtype:trojan-activity;sid:84155929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292830)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yak.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292830/; classtype:trojan-activity;sid:84155930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292831)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292831/; classtype:trojan-activity;sid:84155931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292832)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.i586"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292832/; classtype:trojan-activity;sid:84155932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292833)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292833/; classtype:trojan-activity;sid:84155933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292834)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292834/; classtype:trojan-activity;sid:84155934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292835)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292835/; classtype:trojan-activity;sid:84155935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292836)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.vigor"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292836/; classtype:trojan-activity;sid:84155936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292837)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292837/; classtype:trojan-activity;sid:84155937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292812)"; flow:established,from_client; content:"GET"; http_method; content:"/a/t"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292812/; classtype:trojan-activity;sid:84155912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292813)"; flow:established,from_client; content:"GET"; http_method; content:"/a/h"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292813/; classtype:trojan-activity;sid:84155913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292814)"; flow:established,from_client; content:"GET"; http_method; content:"/a/d"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292814/; classtype:trojan-activity;sid:84155914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292815)"; flow:established,from_client; content:"GET"; http_method; content:"/a/v"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292815/; classtype:trojan-activity;sid:84155915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292816)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292816/; classtype:trojan-activity;sid:84155916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292817)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292817/; classtype:trojan-activity;sid:84155917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292818)"; flow:established,from_client; content:"GET"; http_method; content:"/a/l"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292818/; classtype:trojan-activity;sid:84155918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292819)"; flow:established,from_client; content:"GET"; http_method; content:"/a/u"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292819/; classtype:trojan-activity;sid:84155919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292820)"; flow:established,from_client; content:"GET"; http_method; content:"/a/splash.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292820/; classtype:trojan-activity;sid:84155920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292821)"; flow:established,from_client; content:"GET"; http_method; content:"/a/wget"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292821/; classtype:trojan-activity;sid:84155921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292796)"; flow:established,from_client; content:"GET"; http_method; content:"/a/z"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292796/; classtype:trojan-activity;sid:84155896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292797)"; flow:established,from_client; content:"GET"; http_method; content:"/a/bins.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292797/; classtype:trojan-activity;sid:84155897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292798)"; flow:established,from_client; content:"GET"; http_method; content:"/a/bot.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292798/; classtype:trojan-activity;sid:84155898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292799)"; flow:established,from_client; content:"GET"; http_method; content:"/a/e"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292799/; classtype:trojan-activity;sid:84155899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292800)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292800/; classtype:trojan-activity;sid:84155900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292801)"; flow:established,from_client; content:"GET"; http_method; content:"/a/wget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292801/; classtype:trojan-activity;sid:84155901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292802)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292802/; classtype:trojan-activity;sid:84155902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292803)"; flow:established,from_client; content:"GET"; http_method; content:"/a/r"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292803/; classtype:trojan-activity;sid:84155903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292804)"; flow:established,from_client; content:"GET"; http_method; content:"/a/bot.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292804/; classtype:trojan-activity;sid:84155904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292805)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292805/; classtype:trojan-activity;sid:84155905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292806)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292806/; classtype:trojan-activity;sid:84155906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292807)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292807/; classtype:trojan-activity;sid:84155907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292808)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.mipsel"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292808/; classtype:trojan-activity;sid:84155908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292809)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292809/; classtype:trojan-activity;sid:84155909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292810)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292810/; classtype:trojan-activity;sid:84155910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292811)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292811/; classtype:trojan-activity;sid:84155911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292795)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292795/; classtype:trojan-activity;sid:84155895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292793)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.vigor"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292793/; classtype:trojan-activity;sid:84155893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292794)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292794/; classtype:trojan-activity;sid:84155894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292780)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.arm4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292780/; classtype:trojan-activity;sid:84155880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292781)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yak.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292781/; classtype:trojan-activity;sid:84155881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292782)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.sparc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292782/; classtype:trojan-activity;sid:84155882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292783)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292783/; classtype:trojan-activity;sid:84155883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292784)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.i586"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292784/; classtype:trojan-activity;sid:84155884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292785)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292785/; classtype:trojan-activity;sid:84155885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292786)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292786/; classtype:trojan-activity;sid:84155886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292787)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292787/; classtype:trojan-activity;sid:84155887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292788)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292788/; classtype:trojan-activity;sid:84155888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292789)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.gponfiber"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292789/; classtype:trojan-activity;sid:84155889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292790)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292790/; classtype:trojan-activity;sid:84155890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292791)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292791/; classtype:trojan-activity;sid:84155891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292792)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292792/; classtype:trojan-activity;sid:84155892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.171.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292779/; classtype:trojan-activity;sid:84155879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292775)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292775/; classtype:trojan-activity;sid:84155875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292776)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292776/; classtype:trojan-activity;sid:84155876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292777)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292777/; classtype:trojan-activity;sid:84155877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292778)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292778/; classtype:trojan-activity;sid:84155878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292773)"; flow:established,from_client; content:"GET"; http_method; content:"/s/siesddaljz665we/download"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"i0004.clarodrive.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292773/; classtype:trojan-activity;sid:84155873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292772)"; flow:established,from_client; content:"GET"; http_method; content:"/76d32be0.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.245.22.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292772/; classtype:trojan-activity;sid:84155872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.159.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292771/; classtype:trojan-activity;sid:84155871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292770/; classtype:trojan-activity;sid:84155870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.253.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292769/; classtype:trojan-activity;sid:84155869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.36.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292768/; classtype:trojan-activity;sid:84155868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.227.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292767/; classtype:trojan-activity;sid:84155867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.147.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292766/; classtype:trojan-activity;sid:84155866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292765/; classtype:trojan-activity;sid:84155865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.255.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292764/; classtype:trojan-activity;sid:84155864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.239.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292763/; classtype:trojan-activity;sid:84155863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.165.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292762/; classtype:trojan-activity;sid:84155862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.57.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292761/; classtype:trojan-activity;sid:84155861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.42.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292760/; classtype:trojan-activity;sid:84155860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.188.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292759/; classtype:trojan-activity;sid:84155859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.227.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292758/; classtype:trojan-activity;sid:84155858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.212.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292757/; classtype:trojan-activity;sid:84155857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.128.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292756/; classtype:trojan-activity;sid:84155856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.89.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292754/; classtype:trojan-activity;sid:84155854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.0.212"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292755/; classtype:trojan-activity;sid:84155855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.88.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292753/; classtype:trojan-activity;sid:84155853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292752/; classtype:trojan-activity;sid:84155852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.165.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292751/; classtype:trojan-activity;sid:84155851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.239.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292750/; classtype:trojan-activity;sid:84155850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.168.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292749/; classtype:trojan-activity;sid:84155849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.33.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292748/; classtype:trojan-activity;sid:84155848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.69.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292747/; classtype:trojan-activity;sid:84155847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292746/; classtype:trojan-activity;sid:84155846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.100.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292745/; classtype:trojan-activity;sid:84155845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.251.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292744/; classtype:trojan-activity;sid:84155844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.230.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292742/; classtype:trojan-activity;sid:84155842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292743)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.103.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292743/; classtype:trojan-activity;sid:84155843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.181.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292741/; classtype:trojan-activity;sid:84155841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292740/; classtype:trojan-activity;sid:84155840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.1.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292738/; classtype:trojan-activity;sid:84155838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.1.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292739/; classtype:trojan-activity;sid:84155839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.163.68.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292737/; classtype:trojan-activity;sid:84155837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.244.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292736/; classtype:trojan-activity;sid:84155836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.33.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292735/; classtype:trojan-activity;sid:84155835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292734/; classtype:trojan-activity;sid:84155834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.82.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292733/; classtype:trojan-activity;sid:84155833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.100.13.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292732/; classtype:trojan-activity;sid:84155832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.198.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292731/; classtype:trojan-activity;sid:84155831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.181.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292730/; classtype:trojan-activity;sid:84155830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.168.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292729/; classtype:trojan-activity;sid:84155829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.188.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292728/; classtype:trojan-activity;sid:84155828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.190.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292727/; classtype:trojan-activity;sid:84155827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.69.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292726/; classtype:trojan-activity;sid:84155826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.181.114.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292725/; classtype:trojan-activity;sid:84155825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.91.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292724/; classtype:trojan-activity;sid:84155824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292722/; classtype:trojan-activity;sid:84155822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292723/; classtype:trojan-activity;sid:84155823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.120.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292721/; classtype:trojan-activity;sid:84155821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.198.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292719/; classtype:trojan-activity;sid:84155819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292720/; classtype:trojan-activity;sid:84155820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.244.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292718/; classtype:trojan-activity;sid:84155818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.160.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292717/; classtype:trojan-activity;sid:84155817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.100.13.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292716/; classtype:trojan-activity;sid:84155816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.170.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292715/; classtype:trojan-activity;sid:84155815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.68.162.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292714/; classtype:trojan-activity;sid:84155814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.88.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292713/; classtype:trojan-activity;sid:84155813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.203.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292712/; classtype:trojan-activity;sid:84155812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292711)"; flow:established,from_client; content:"GET"; http_method; content:"/files/123.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292711/; classtype:trojan-activity;sid:84155811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.45.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292710/; classtype:trojan-activity;sid:84155810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.25.180"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292709/; classtype:trojan-activity;sid:84155809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.171.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292708/; classtype:trojan-activity;sid:84155808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292707/; classtype:trojan-activity;sid:84155807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.107.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292706/; classtype:trojan-activity;sid:84155806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.179.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292705/; classtype:trojan-activity;sid:84155805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.21.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292704/; classtype:trojan-activity;sid:84155804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292703)"; flow:established,from_client; content:"GET"; http_method; content:"/viewprofile"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"f47d5.language.sebtomato.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292703/; classtype:trojan-activity;sid:84155803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.81.159.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292702/; classtype:trojan-activity;sid:84155802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.48.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292701/; classtype:trojan-activity;sid:84155801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.112.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292700/; classtype:trojan-activity;sid:84155800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.229.152.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292699/; classtype:trojan-activity;sid:84155799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.231.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292698/; classtype:trojan-activity;sid:84155798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.247.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292697/; classtype:trojan-activity;sid:84155797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.155.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292696/; classtype:trojan-activity;sid:84155796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.120.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292695/; classtype:trojan-activity;sid:84155795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.68.162.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292694/; classtype:trojan-activity;sid:84155794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.88.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292693/; classtype:trojan-activity;sid:84155793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.251.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292692/; classtype:trojan-activity;sid:84155792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.182.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292691/; classtype:trojan-activity;sid:84155791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.118.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292690/; classtype:trojan-activity;sid:84155790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.236.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292689/; classtype:trojan-activity;sid:84155789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.39.19.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292688/; classtype:trojan-activity;sid:84155788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.81.159.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292687/; classtype:trojan-activity;sid:84155787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292686)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.100.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292686/; classtype:trojan-activity;sid:84155786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.155.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292685/; classtype:trojan-activity;sid:84155785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.102.29.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292684/; classtype:trojan-activity;sid:84155784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292683/; classtype:trojan-activity;sid:84155783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.245.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292682/; classtype:trojan-activity;sid:84155782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.229.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292681/; classtype:trojan-activity;sid:84155781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.102.29.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292680/; classtype:trojan-activity;sid:84155780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.107.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292679/; classtype:trojan-activity;sid:84155779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.246.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292678/; classtype:trojan-activity;sid:84155778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.201.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292677/; classtype:trojan-activity;sid:84155777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.40.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292676/; classtype:trojan-activity;sid:84155776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.111.155.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292675/; classtype:trojan-activity;sid:84155775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.64.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292674/; classtype:trojan-activity;sid:84155774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.140.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292673/; classtype:trojan-activity;sid:84155773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.153.214.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292672/; classtype:trojan-activity;sid:84155772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.56.11.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292671/; classtype:trojan-activity;sid:84155771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.225.221.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292670/; classtype:trojan-activity;sid:84155770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.153.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292669/; classtype:trojan-activity;sid:84155769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.107.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292668/; classtype:trojan-activity;sid:84155768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.140.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292667/; classtype:trojan-activity;sid:84155767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.96.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292666/; classtype:trojan-activity;sid:84155766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.45.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292665/; classtype:trojan-activity;sid:84155765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.39.19.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292664/; classtype:trojan-activity;sid:84155764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.10.199.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292663/; classtype:trojan-activity;sid:84155763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.179.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292662/; classtype:trojan-activity;sid:84155762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.153.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292661/; classtype:trojan-activity;sid:84155761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.111.155.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292660/; classtype:trojan-activity;sid:84155760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.225.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292659/; classtype:trojan-activity;sid:84155759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.153.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292658/; classtype:trojan-activity;sid:84155758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.10.199.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292657/; classtype:trojan-activity;sid:84155757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.233.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292656/; classtype:trojan-activity;sid:84155756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.169.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292655/; classtype:trojan-activity;sid:84155755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.8.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292654/; classtype:trojan-activity;sid:84155754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.179.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292653/; classtype:trojan-activity;sid:84155753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.46.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292652/; classtype:trojan-activity;sid:84155752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.34.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292651/; classtype:trojan-activity;sid:84155751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.179.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292650/; classtype:trojan-activity;sid:84155750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292649)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"137.184.54.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292649/; classtype:trojan-activity;sid:84155749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292645)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb8"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"137.184.54.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292645/; classtype:trojan-activity;sid:84155745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292646)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb3"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"137.184.54.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292646/; classtype:trojan-activity;sid:84155746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292647)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb2"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"137.184.54.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292647/; classtype:trojan-activity;sid:84155747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292648)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"137.184.54.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292648/; classtype:trojan-activity;sid:84155748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292639)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb11"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"137.184.54.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292639/; classtype:trojan-activity;sid:84155739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292640)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb10"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"137.184.54.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292640/; classtype:trojan-activity;sid:84155740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292641)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"137.184.54.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292641/; classtype:trojan-activity;sid:84155741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292642)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"137.184.54.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292642/; classtype:trojan-activity;sid:84155742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292643)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb1"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"137.184.54.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292643/; classtype:trojan-activity;sid:84155743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292644)"; flow:established,from_client; content:"GET"; http_method; content:"/mmb9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"137.184.54.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292644/; classtype:trojan-activity;sid:84155744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.50.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292638/; classtype:trojan-activity;sid:84155738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.97.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292637/; classtype:trojan-activity;sid:84155737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.188.143.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292636/; classtype:trojan-activity;sid:84155736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.58.63"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292635/; classtype:trojan-activity;sid:84155735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.185.49.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292634/; classtype:trojan-activity;sid:84155734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.58.63"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292633/; classtype:trojan-activity;sid:84155733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.219.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292632/; classtype:trojan-activity;sid:84155732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.225.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292631/; classtype:trojan-activity;sid:84155731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.159.71.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292630/; classtype:trojan-activity;sid:84155730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.0.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292629/; classtype:trojan-activity;sid:84155729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.226.177.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292628/; classtype:trojan-activity;sid:84155728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.34.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292626/; classtype:trojan-activity;sid:84155726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.179.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292627/; classtype:trojan-activity;sid:84155727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.46.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292625/; classtype:trojan-activity;sid:84155725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292624)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.72.1.7"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292624/; classtype:trojan-activity;sid:84155724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.208.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292623/; classtype:trojan-activity;sid:84155723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.182.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292622/; classtype:trojan-activity;sid:84155722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292620/; classtype:trojan-activity;sid:84155720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.50.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292621/; classtype:trojan-activity;sid:84155721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.204.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292619/; classtype:trojan-activity;sid:84155719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.85.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292618/; classtype:trojan-activity;sid:84155718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.30.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292617/; classtype:trojan-activity;sid:84155717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.160.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292616/; classtype:trojan-activity;sid:84155716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.145.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292615/; classtype:trojan-activity;sid:84155715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.102.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292614/; classtype:trojan-activity;sid:84155714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292612/; classtype:trojan-activity;sid:84155712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.223.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292613/; classtype:trojan-activity;sid:84155713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.66.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292611/; classtype:trojan-activity;sid:84155711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.216.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292610/; classtype:trojan-activity;sid:84155710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.255.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292609/; classtype:trojan-activity;sid:84155709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.226.177.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292608/; classtype:trojan-activity;sid:84155708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292607/; classtype:trojan-activity;sid:84155707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.217.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292606/; classtype:trojan-activity;sid:84155706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.85.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292605/; classtype:trojan-activity;sid:84155705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292604/; classtype:trojan-activity;sid:84155704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.117.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292603/; classtype:trojan-activity;sid:84155703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.235.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292602/; classtype:trojan-activity;sid:84155702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.223.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292601/; classtype:trojan-activity;sid:84155701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.86.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292600/; classtype:trojan-activity;sid:84155700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292599/; classtype:trojan-activity;sid:84155699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.217.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292598/; classtype:trojan-activity;sid:84155698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.107.92.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292597/; classtype:trojan-activity;sid:84155697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292596/; classtype:trojan-activity;sid:84155696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.30.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292595/; classtype:trojan-activity;sid:84155695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.30.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292594/; classtype:trojan-activity;sid:84155694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292593/; classtype:trojan-activity;sid:84155693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292592/; classtype:trojan-activity;sid:84155692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.21.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292591/; classtype:trojan-activity;sid:84155691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.70.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292590/; classtype:trojan-activity;sid:84155690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292589/; classtype:trojan-activity;sid:84155689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.8.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292588/; classtype:trojan-activity;sid:84155688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.65.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292587/; classtype:trojan-activity;sid:84155687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.254.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292586/; classtype:trojan-activity;sid:84155686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.9.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292585/; classtype:trojan-activity;sid:84155685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.72.19.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292584/; classtype:trojan-activity;sid:84155684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292583/; classtype:trojan-activity;sid:84155683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.204.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292581/; classtype:trojan-activity;sid:84155681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.121.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292582/; classtype:trojan-activity;sid:84155682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292580/; classtype:trojan-activity;sid:84155680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292579/; classtype:trojan-activity;sid:84155679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.107.92.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292578/; classtype:trojan-activity;sid:84155678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.94.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292577/; classtype:trojan-activity;sid:84155677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.127.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292576/; classtype:trojan-activity;sid:84155676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.169.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292575/; classtype:trojan-activity;sid:84155675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.72.19.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292574/; classtype:trojan-activity;sid:84155674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.135.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292573/; classtype:trojan-activity;sid:84155673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.209.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292572/; classtype:trojan-activity;sid:84155672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.175.137.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292571/; classtype:trojan-activity;sid:84155671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.44.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292566/; classtype:trojan-activity;sid:84155666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.144.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292567/; classtype:trojan-activity;sid:84155667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292568/; classtype:trojan-activity;sid:84155668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.205.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292569/; classtype:trojan-activity;sid:84155669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.7.209.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292570/; classtype:trojan-activity;sid:84155670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.27.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292565/; classtype:trojan-activity;sid:84155665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.65.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292564/; classtype:trojan-activity;sid:84155664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.254.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292563/; classtype:trojan-activity;sid:84155663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292562/; classtype:trojan-activity;sid:84155662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.23.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292561/; classtype:trojan-activity;sid:84155661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.182.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292560/; classtype:trojan-activity;sid:84155660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.193.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292559/; classtype:trojan-activity;sid:84155659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.171.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292558/; classtype:trojan-activity;sid:84155658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.21.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292557/; classtype:trojan-activity;sid:84155657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.175.137.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292556/; classtype:trojan-activity;sid:84155656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.135.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292555/; classtype:trojan-activity;sid:84155655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.166.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292554/; classtype:trojan-activity;sid:84155654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.161.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292553/; classtype:trojan-activity;sid:84155653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.202.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292552/; classtype:trojan-activity;sid:84155652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.174.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292550/; classtype:trojan-activity;sid:84155650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292551/; classtype:trojan-activity;sid:84155651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.236.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292549/; classtype:trojan-activity;sid:84155649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.193.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292548/; classtype:trojan-activity;sid:84155648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.127.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292547/; classtype:trojan-activity;sid:84155647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.56.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292546/; classtype:trojan-activity;sid:84155646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.78.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292545/; classtype:trojan-activity;sid:84155645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.66.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292544/; classtype:trojan-activity;sid:84155644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.154.168.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292543/; classtype:trojan-activity;sid:84155643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.253.80.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292542/; classtype:trojan-activity;sid:84155642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292541)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/6husaez9i4l17xu7m4vwh/2oficio-192-notificaci-n-electr-nica-cendo-rama-judicial-rad-1531651351651-1321351-00-354165.tar.uue.tar.001|3f|rlkey=71mt6juvshs8jtndvnu4gr0u9|7c|26|7c|st=xy7dtgc0|7c|26|7c|dl=0"; http_uri; depth:208; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292541/; classtype:trojan-activity;sid:84155641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.38.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292540/; classtype:trojan-activity;sid:84155640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292539/; classtype:trojan-activity;sid:84155639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292538/; classtype:trojan-activity;sid:84155638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.154.168.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292537/; classtype:trojan-activity;sid:84155637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.78.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292536/; classtype:trojan-activity;sid:84155636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.62.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292535/; classtype:trojan-activity;sid:84155635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292534/; classtype:trojan-activity;sid:84155634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.175.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292533/; classtype:trojan-activity;sid:84155633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.56.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292532/; classtype:trojan-activity;sid:84155632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.23.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292531/; classtype:trojan-activity;sid:84155631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.108.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292530/; classtype:trojan-activity;sid:84155630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.159.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292529/; classtype:trojan-activity;sid:84155629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.223.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292528/; classtype:trojan-activity;sid:84155628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.135.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292527/; classtype:trojan-activity;sid:84155627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.139.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292526/; classtype:trojan-activity;sid:84155626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.15.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292525/; classtype:trojan-activity;sid:84155625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.39.19.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292524/; classtype:trojan-activity;sid:84155624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292523/; classtype:trojan-activity;sid:84155623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.150.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292522/; classtype:trojan-activity;sid:84155622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.166.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292521/; classtype:trojan-activity;sid:84155621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.79.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292520/; classtype:trojan-activity;sid:84155620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.217.68.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292519/; classtype:trojan-activity;sid:84155619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.246.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292518/; classtype:trojan-activity;sid:84155618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.223.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292517/; classtype:trojan-activity;sid:84155617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.15.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292516/; classtype:trojan-activity;sid:84155616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.175.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292515/; classtype:trojan-activity;sid:84155615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.193.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292514/; classtype:trojan-activity;sid:84155614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.108.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292513/; classtype:trojan-activity;sid:84155613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.26.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292512/; classtype:trojan-activity;sid:84155612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292511)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.193.116.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292511/; classtype:trojan-activity;sid:84155611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292510/; classtype:trojan-activity;sid:84155610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.223.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292509/; classtype:trojan-activity;sid:84155609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.127.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292508/; classtype:trojan-activity;sid:84155608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.191.178.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292506/; classtype:trojan-activity;sid:84155606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.160.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292507/; classtype:trojan-activity;sid:84155607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.30.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292505/; classtype:trojan-activity;sid:84155605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.217.68.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292504/; classtype:trojan-activity;sid:84155604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.141.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292503/; classtype:trojan-activity;sid:84155603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.22.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292502/; classtype:trojan-activity;sid:84155602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.249.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292501/; classtype:trojan-activity;sid:84155601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.182.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292500/; classtype:trojan-activity;sid:84155600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.198.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292499/; classtype:trojan-activity;sid:84155599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.79.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292498/; classtype:trojan-activity;sid:84155598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292497/; classtype:trojan-activity;sid:84155597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292496/; classtype:trojan-activity;sid:84155596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.253.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292495/; classtype:trojan-activity;sid:84155595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.163.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292494/; classtype:trojan-activity;sid:84155594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.118.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292493/; classtype:trojan-activity;sid:84155593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.193.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292492/; classtype:trojan-activity;sid:84155592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.15.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292491/; classtype:trojan-activity;sid:84155591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.126.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292490/; classtype:trojan-activity;sid:84155590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.161.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292489/; classtype:trojan-activity;sid:84155589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.135.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292488/; classtype:trojan-activity;sid:84155588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292487)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.12.52"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292487/; classtype:trojan-activity;sid:84155587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.28.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292486/; classtype:trojan-activity;sid:84155586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.153.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292485/; classtype:trojan-activity;sid:84155585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.195.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292484/; classtype:trojan-activity;sid:84155584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.212.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292483/; classtype:trojan-activity;sid:84155583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.22.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292482/; classtype:trojan-activity;sid:84155582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.181.12.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292481/; classtype:trojan-activity;sid:84155581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.50.59"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292480/; classtype:trojan-activity;sid:84155580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.86.96.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292479/; classtype:trojan-activity;sid:84155579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.85.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292478/; classtype:trojan-activity;sid:84155578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292477/; classtype:trojan-activity;sid:84155577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.192.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292476/; classtype:trojan-activity;sid:84155576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.7.179.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292475/; classtype:trojan-activity;sid:84155575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.248.29.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292474/; classtype:trojan-activity;sid:84155574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.55.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292473/; classtype:trojan-activity;sid:84155573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.212.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292472/; classtype:trojan-activity;sid:84155572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.153.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292471/; classtype:trojan-activity;sid:84155571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.86.96.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292470/; classtype:trojan-activity;sid:84155570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.101.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292469/; classtype:trojan-activity;sid:84155569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.152.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292468/; classtype:trojan-activity;sid:84155568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.13.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292467/; classtype:trojan-activity;sid:84155567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.66.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292466/; classtype:trojan-activity;sid:84155566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.192.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292465/; classtype:trojan-activity;sid:84155565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.141.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292464/; classtype:trojan-activity;sid:84155564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.7.179.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292463/; classtype:trojan-activity;sid:84155563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.43.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292462/; classtype:trojan-activity;sid:84155562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292461/; classtype:trojan-activity;sid:84155561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.238.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292460/; classtype:trojan-activity;sid:84155560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.215.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292459/; classtype:trojan-activity;sid:84155559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.55.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292458/; classtype:trojan-activity;sid:84155558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.69.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292456/; classtype:trojan-activity;sid:84155556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.43.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292457/; classtype:trojan-activity;sid:84155557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.152.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292455/; classtype:trojan-activity;sid:84155555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.26.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292454/; classtype:trojan-activity;sid:84155554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292453)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.96.222"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292453/; classtype:trojan-activity;sid:84155553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.150.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292452/; classtype:trojan-activity;sid:84155552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.94.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292450/; classtype:trojan-activity;sid:84155550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.25.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292451/; classtype:trojan-activity;sid:84155551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.40.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292449/; classtype:trojan-activity;sid:84155549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.55.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292448/; classtype:trojan-activity;sid:84155548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.85.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292447/; classtype:trojan-activity;sid:84155547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.13.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292446/; classtype:trojan-activity;sid:84155546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.29.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292445/; classtype:trojan-activity;sid:84155545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.69.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292442/; classtype:trojan-activity;sid:84155542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.167.33.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292443/; classtype:trojan-activity;sid:84155543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.203.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292444/; classtype:trojan-activity;sid:84155544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.0.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292441/; classtype:trojan-activity;sid:84155541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.105.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292440/; classtype:trojan-activity;sid:84155540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.86.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292439/; classtype:trojan-activity;sid:84155539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292438/; classtype:trojan-activity;sid:84155538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292437)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.143.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292437/; classtype:trojan-activity;sid:84155537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.138.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292436/; classtype:trojan-activity;sid:84155536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292435)"; flow:established,from_client; content:"GET"; http_method; content:"/files/skoblik.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292435/; classtype:trojan-activity;sid:84155535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.172.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292434/; classtype:trojan-activity;sid:84155534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.42.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292433/; classtype:trojan-activity;sid:84155533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292432)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.91.193.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292432/; classtype:trojan-activity;sid:84155532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292431/; classtype:trojan-activity;sid:84155531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.20.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292430/; classtype:trojan-activity;sid:84155530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.130.68.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292429/; classtype:trojan-activity;sid:84155529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.104.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292428/; classtype:trojan-activity;sid:84155528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.29.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292427/; classtype:trojan-activity;sid:84155527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.46.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292425/; classtype:trojan-activity;sid:84155525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.248.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292426/; classtype:trojan-activity;sid:84155526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.191.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292424/; classtype:trojan-activity;sid:84155524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.0.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292423/; classtype:trojan-activity;sid:84155523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.246.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292422/; classtype:trojan-activity;sid:84155522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.91.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292421/; classtype:trojan-activity;sid:84155521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.94.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292420/; classtype:trojan-activity;sid:84155520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.1.242"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292419/; classtype:trojan-activity;sid:84155519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.86.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292418/; classtype:trojan-activity;sid:84155518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.163.68.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292417/; classtype:trojan-activity;sid:84155517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.115.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292415/; classtype:trojan-activity;sid:84155515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.60.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292416/; classtype:trojan-activity;sid:84155516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.31.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292414/; classtype:trojan-activity;sid:84155514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.191.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292413/; classtype:trojan-activity;sid:84155513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292411/; classtype:trojan-activity;sid:84155511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.52.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292412/; classtype:trojan-activity;sid:84155512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.149.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292410/; classtype:trojan-activity;sid:84155510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.138.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292409/; classtype:trojan-activity;sid:84155509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.55.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292408/; classtype:trojan-activity;sid:84155508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.159.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292407/; classtype:trojan-activity;sid:84155507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.86.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292406/; classtype:trojan-activity;sid:84155506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.60.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292405/; classtype:trojan-activity;sid:84155505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.248.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292404/; classtype:trojan-activity;sid:84155504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.176.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292403/; classtype:trojan-activity;sid:84155503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.172.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292402/; classtype:trojan-activity;sid:84155502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.24.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292401/; classtype:trojan-activity;sid:84155501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.15.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292400/; classtype:trojan-activity;sid:84155500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.184.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292399/; classtype:trojan-activity;sid:84155499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.15.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292397/; classtype:trojan-activity;sid:84155497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.38.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292398/; classtype:trojan-activity;sid:84155498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.19.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292396/; classtype:trojan-activity;sid:84155496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.215.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292395/; classtype:trojan-activity;sid:84155495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.240.66.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292394/; classtype:trojan-activity;sid:84155494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.249.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292393/; classtype:trojan-activity;sid:84155493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.60.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292392/; classtype:trojan-activity;sid:84155492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292391/; classtype:trojan-activity;sid:84155491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.24.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292390/; classtype:trojan-activity;sid:84155490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.12.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292389/; classtype:trojan-activity;sid:84155489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.23.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292388/; classtype:trojan-activity;sid:84155488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292387/; classtype:trojan-activity;sid:84155487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.185.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292386/; classtype:trojan-activity;sid:84155486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.63.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292385/; classtype:trojan-activity;sid:84155485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.116.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292384/; classtype:trojan-activity;sid:84155484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.38.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292383/; classtype:trojan-activity;sid:84155483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.187.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292382/; classtype:trojan-activity;sid:84155482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.20.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292380/; classtype:trojan-activity;sid:84155480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292381/; classtype:trojan-activity;sid:84155481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.61.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292379/; classtype:trojan-activity;sid:84155479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.120.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292378/; classtype:trojan-activity;sid:84155478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.240.66.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292377/; classtype:trojan-activity;sid:84155477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.249.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292376/; classtype:trojan-activity;sid:84155476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.52.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292375/; classtype:trojan-activity;sid:84155475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.64.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292374/; classtype:trojan-activity;sid:84155474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292373/; classtype:trojan-activity;sid:84155473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292372/; classtype:trojan-activity;sid:84155472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.125.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292371/; classtype:trojan-activity;sid:84155471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.134.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292370/; classtype:trojan-activity;sid:84155470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.185.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292369/; classtype:trojan-activity;sid:84155469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.234.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292367/; classtype:trojan-activity;sid:84155467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.117.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292368/; classtype:trojan-activity;sid:84155468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.116.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292366/; classtype:trojan-activity;sid:84155466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.46.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292365/; classtype:trojan-activity;sid:84155465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292364/; classtype:trojan-activity;sid:84155464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.18.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292363/; classtype:trojan-activity;sid:84155463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.31.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292362/; classtype:trojan-activity;sid:84155462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.15.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292361/; classtype:trojan-activity;sid:84155461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.42.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292360/; classtype:trojan-activity;sid:84155460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.19.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292359/; classtype:trojan-activity;sid:84155459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.82.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292358/; classtype:trojan-activity;sid:84155458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.144.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292357/; classtype:trojan-activity;sid:84155457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292356/; classtype:trojan-activity;sid:84155456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.4.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292355/; classtype:trojan-activity;sid:84155455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.112.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292354/; classtype:trojan-activity;sid:84155454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.198.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292353/; classtype:trojan-activity;sid:84155453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.69.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292352/; classtype:trojan-activity;sid:84155452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292351/; classtype:trojan-activity;sid:84155451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292350/; classtype:trojan-activity;sid:84155450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.117.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292349/; classtype:trojan-activity;sid:84155449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292348/; classtype:trojan-activity;sid:84155448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.202.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292347/; classtype:trojan-activity;sid:84155447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.220.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292346/; classtype:trojan-activity;sid:84155446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.249.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292345/; classtype:trojan-activity;sid:84155445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.20.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292344/; classtype:trojan-activity;sid:84155444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.18.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292343/; classtype:trojan-activity;sid:84155443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.186.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292342/; classtype:trojan-activity;sid:84155442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292341/; classtype:trojan-activity;sid:84155441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292340/; classtype:trojan-activity;sid:84155440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.177.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292339/; classtype:trojan-activity;sid:84155439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.92.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292337/; classtype:trojan-activity;sid:84155437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.44.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292338/; classtype:trojan-activity;sid:84155438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.177.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292336/; classtype:trojan-activity;sid:84155436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292335/; classtype:trojan-activity;sid:84155435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.135.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292334/; classtype:trojan-activity;sid:84155434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.101.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292333/; classtype:trojan-activity;sid:84155433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.135.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292332/; classtype:trojan-activity;sid:84155432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.11.56.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292331/; classtype:trojan-activity;sid:84155431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.92.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292330/; classtype:trojan-activity;sid:84155430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.121.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292329/; classtype:trojan-activity;sid:84155429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.82.50.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292328/; classtype:trojan-activity;sid:84155428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.139.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292327/; classtype:trojan-activity;sid:84155427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.23.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292326/; classtype:trojan-activity;sid:84155426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.176.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292325/; classtype:trojan-activity;sid:84155425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.186.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292324/; classtype:trojan-activity;sid:84155424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292323/; classtype:trojan-activity;sid:84155423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.44.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292322/; classtype:trojan-activity;sid:84155422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.80.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292321/; classtype:trojan-activity;sid:84155421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.83.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292320/; classtype:trojan-activity;sid:84155420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.123.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292319/; classtype:trojan-activity;sid:84155419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.28.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292318/; classtype:trojan-activity;sid:84155418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.238.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292317/; classtype:trojan-activity;sid:84155417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.40.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292316/; classtype:trojan-activity;sid:84155416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.139.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292315/; classtype:trojan-activity;sid:84155415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.140.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292314/; classtype:trojan-activity;sid:84155414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.33.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292313/; classtype:trojan-activity;sid:84155413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.15.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292312/; classtype:trojan-activity;sid:84155412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.88.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292311/; classtype:trojan-activity;sid:84155411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.86.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292309/; classtype:trojan-activity;sid:84155409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.82.50.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292310/; classtype:trojan-activity;sid:84155410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292308/; classtype:trojan-activity;sid:84155408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.80.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292307/; classtype:trojan-activity;sid:84155407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.120.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292306/; classtype:trojan-activity;sid:84155406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.123.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292305/; classtype:trojan-activity;sid:84155405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.12.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292304/; classtype:trojan-activity;sid:84155404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292302/; classtype:trojan-activity;sid:84155402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.177.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292303/; classtype:trojan-activity;sid:84155403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.149.139.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292301/; classtype:trojan-activity;sid:84155401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.21.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292300/; classtype:trojan-activity;sid:84155400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.4.120"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292299/; classtype:trojan-activity;sid:84155399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.235.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292298/; classtype:trojan-activity;sid:84155398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.118.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292297/; classtype:trojan-activity;sid:84155397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.14.124.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292296/; classtype:trojan-activity;sid:84155396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.200.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292295/; classtype:trojan-activity;sid:84155395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292294/; classtype:trojan-activity;sid:84155394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.40.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292293/; classtype:trojan-activity;sid:84155393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.33.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292292/; classtype:trojan-activity;sid:84155392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.109.159.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292291/; classtype:trojan-activity;sid:84155391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.88.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292290/; classtype:trojan-activity;sid:84155390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.10.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292289/; classtype:trojan-activity;sid:84155389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.125.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292288/; classtype:trojan-activity;sid:84155388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.158.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292287/; classtype:trojan-activity;sid:84155387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.187.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292286/; classtype:trojan-activity;sid:84155386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292285/; classtype:trojan-activity;sid:84155385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.223.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292284/; classtype:trojan-activity;sid:84155384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.139.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292283/; classtype:trojan-activity;sid:84155383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.73.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292282/; classtype:trojan-activity;sid:84155382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292281)"; flow:established,from_client; content:"GET"; http_method; content:"/api/reg/update.json"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cdn-defac18.artcollective-snapclick.com"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292281/; classtype:trojan-activity;sid:84155381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.221.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292280/; classtype:trojan-activity;sid:84155380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292279)"; flow:established,from_client; content:"GET"; http_method; content:"/naailq1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pub.foodie-safari.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292279/; classtype:trojan-activity;sid:84155379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.4.120"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292278/; classtype:trojan-activity;sid:84155378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.244.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292277/; classtype:trojan-activity;sid:84155377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292276/; classtype:trojan-activity;sid:84155376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292275)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdn1/instruction_18112.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"download.cdn-serveri6731-ns.shop"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292275/; classtype:trojan-activity;sid:84155375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.14.124.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292274/; classtype:trojan-activity;sid:84155374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.36.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292271/; classtype:trojan-activity;sid:84155371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.52.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292272/; classtype:trojan-activity;sid:84155372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.20.228.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292273/; classtype:trojan-activity;sid:84155373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.15.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292270/; classtype:trojan-activity;sid:84155370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.84.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292269/; classtype:trojan-activity;sid:84155369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292268/; classtype:trojan-activity;sid:84155368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.240.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292267/; classtype:trojan-activity;sid:84155367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.115.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292266/; classtype:trojan-activity;sid:84155366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.187.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292265/; classtype:trojan-activity;sid:84155365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292264)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.11.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292264/; classtype:trojan-activity;sid:84155364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292262)"; flow:established,from_client; content:"GET"; http_method; content:"/ass.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"postposted-dat-realistic-email.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292262/; classtype:trojan-activity;sid:84155362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292263)"; flow:established,from_client; content:"GET"; http_method; content:"/nman.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"postposted-dat-realistic-email.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292263/; classtype:trojan-activity;sid:84155363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292261)"; flow:established,from_client; content:"GET"; http_method; content:"/bab.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"miracle-receives-lightbox-brighton.trycloudflare.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292261/; classtype:trojan-activity;sid:84155361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292260)"; flow:established,from_client; content:"GET"; http_method; content:"/de/dkm-067291.pdf.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"postposted-dat-realistic-email.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292260/; classtype:trojan-activity;sid:84155360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.223.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292259/; classtype:trojan-activity;sid:84155359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.64.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292258/; classtype:trojan-activity;sid:84155358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.73.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292257/; classtype:trojan-activity;sid:84155357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.19.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292256/; classtype:trojan-activity;sid:84155356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.43.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292255/; classtype:trojan-activity;sid:84155355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.54.88.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292253/; classtype:trojan-activity;sid:84155353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.224.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292254/; classtype:trojan-activity;sid:84155354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.36.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292252/; classtype:trojan-activity;sid:84155352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.170.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292251/; classtype:trojan-activity;sid:84155351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292250)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.89.118.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292250/; classtype:trojan-activity;sid:84155350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.221.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292248/; classtype:trojan-activity;sid:84155348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.23.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292249/; classtype:trojan-activity;sid:84155349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.184.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292247/; classtype:trojan-activity;sid:84155347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292241)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/video.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292241/; classtype:trojan-activity;sid:84155341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292242)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/av.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292242/; classtype:trojan-activity;sid:84155342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292243)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/photo.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292243/; classtype:trojan-activity;sid:84155343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292244)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/av.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292244/; classtype:trojan-activity;sid:84155344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292245)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/photo.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292245/; classtype:trojan-activity;sid:84155345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292246)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/video.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292246/; classtype:trojan-activity;sid:84155346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.52.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292240/; classtype:trojan-activity;sid:84155340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.229.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292239/; classtype:trojan-activity;sid:84155339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292237)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292237/; classtype:trojan-activity;sid:84155337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292238)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6linuxtf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"178.215.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292238/; classtype:trojan-activity;sid:84155338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292230)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.215.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292230/; classtype:trojan-activity;sid:84155330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292231)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292231/; classtype:trojan-activity;sid:84155331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292232)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292232/; classtype:trojan-activity;sid:84155332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292233)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292233/; classtype:trojan-activity;sid:84155333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292234)"; flow:established,from_client; content:"GET"; http_method; content:"/main_spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.215.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292234/; classtype:trojan-activity;sid:84155334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292235)"; flow:established,from_client; content:"GET"; http_method; content:"/linuxtf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.215.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292235/; classtype:trojan-activity;sid:84155335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292236)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4linuxtf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"178.215.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292236/; classtype:trojan-activity;sid:84155336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292222)"; flow:established,from_client; content:"GET"; http_method; content:"/mipslinuxtf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"178.215.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292222/; classtype:trojan-activity;sid:84155322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292223)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.215.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292223/; classtype:trojan-activity;sid:84155323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292224)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.215.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292224/; classtype:trojan-activity;sid:84155324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292225)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.215.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292225/; classtype:trojan-activity;sid:84155325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292226)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292226/; classtype:trojan-activity;sid:84155326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292227)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292227/; classtype:trojan-activity;sid:84155327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292228)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.215.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292228/; classtype:trojan-activity;sid:84155328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292229)"; flow:established,from_client; content:"GET"; http_method; content:"/2.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.215.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292229/; classtype:trojan-activity;sid:84155329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.220.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292221/; classtype:trojan-activity;sid:84155321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.153.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292220/; classtype:trojan-activity;sid:84155320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.254.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292219/; classtype:trojan-activity;sid:84155319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.109.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292218/; classtype:trojan-activity;sid:84155318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.165.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292217/; classtype:trojan-activity;sid:84155317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.127.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292216/; classtype:trojan-activity;sid:84155316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.225.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292215/; classtype:trojan-activity;sid:84155315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.240.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292214/; classtype:trojan-activity;sid:84155314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.226.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292213/; classtype:trojan-activity;sid:84155313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292212)"; flow:established,from_client; content:"GET"; http_method; content:"/2.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"klkl9.b-cdn.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292212/; classtype:trojan-activity;sid:84155312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292211)"; flow:established,from_client; content:"GET"; http_method; content:"/accessoryliberty.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"klkl9.b-cdn.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292211/; classtype:trojan-activity;sid:84155311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.35.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292210/; classtype:trojan-activity;sid:84155310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.227.149.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292209/; classtype:trojan-activity;sid:84155309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.122.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292208/; classtype:trojan-activity;sid:84155308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.209.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292207/; classtype:trojan-activity;sid:84155307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.101.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292206/; classtype:trojan-activity;sid:84155306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.20.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292205/; classtype:trojan-activity;sid:84155305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.62.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292204/; classtype:trojan-activity;sid:84155304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292202)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.22.160.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292202/; classtype:trojan-activity;sid:84155302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292203)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.22.160.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292203/; classtype:trojan-activity;sid:84155303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292201/; classtype:trojan-activity;sid:84155301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292198)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"srothienhoa.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292198/; classtype:trojan-activity;sid:84155298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292199)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srothienhoa.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292199/; classtype:trojan-activity;sid:84155299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292200)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srothienhoa.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292200/; classtype:trojan-activity;sid:84155300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292183)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.22.160.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292183/; classtype:trojan-activity;sid:84155283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292184)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.22.160.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292184/; classtype:trojan-activity;sid:84155284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292185)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.22.160.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292185/; classtype:trojan-activity;sid:84155285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292186)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.22.160.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292186/; classtype:trojan-activity;sid:84155286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292187)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"srothienhoa.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292187/; classtype:trojan-activity;sid:84155287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292188)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.22.160.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292188/; classtype:trojan-activity;sid:84155288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292189)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.22.160.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292189/; classtype:trojan-activity;sid:84155289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292190)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"srothienhoa.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292190/; classtype:trojan-activity;sid:84155290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292191)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"srothienhoa.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292191/; classtype:trojan-activity;sid:84155291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292192)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.22.160.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292192/; classtype:trojan-activity;sid:84155292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292193)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"srothienhoa.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292193/; classtype:trojan-activity;sid:84155293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292194)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.22.160.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292194/; classtype:trojan-activity;sid:84155294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292195)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srothienhoa.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292195/; classtype:trojan-activity;sid:84155295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292196)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srothienhoa.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292196/; classtype:trojan-activity;sid:84155296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292197)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srothienhoa.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292197/; classtype:trojan-activity;sid:84155297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.122.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292182/; classtype:trojan-activity;sid:84155282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.165.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292181/; classtype:trojan-activity;sid:84155281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.140.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292180/; classtype:trojan-activity;sid:84155280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.167.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292179/; classtype:trojan-activity;sid:84155279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.149.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292178/; classtype:trojan-activity;sid:84155278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.154.11.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292177/; classtype:trojan-activity;sid:84155277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.153.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292176/; classtype:trojan-activity;sid:84155276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.196.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292175/; classtype:trojan-activity;sid:84155275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292174/; classtype:trojan-activity;sid:84155274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.130.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292173/; classtype:trojan-activity;sid:84155273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.25.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292172/; classtype:trojan-activity;sid:84155272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.154.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292171/; classtype:trojan-activity;sid:84155271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.84.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292170/; classtype:trojan-activity;sid:84155270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.58.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292169/; classtype:trojan-activity;sid:84155269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.209.213.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292168/; classtype:trojan-activity;sid:84155268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.215.214.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292167/; classtype:trojan-activity;sid:84155267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.100.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292166/; classtype:trojan-activity;sid:84155266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.207.39.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292165/; classtype:trojan-activity;sid:84155265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.20.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292164/; classtype:trojan-activity;sid:84155264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.118.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292163/; classtype:trojan-activity;sid:84155263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.119.193.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292162/; classtype:trojan-activity;sid:84155262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.90.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292161/; classtype:trojan-activity;sid:84155261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.163.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292160/; classtype:trojan-activity;sid:84155260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.157.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292159/; classtype:trojan-activity;sid:84155259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292158)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/jodanbc.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292158/; classtype:trojan-activity;sid:84155258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.28.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292157/; classtype:trojan-activity;sid:84155257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.35.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292156/; classtype:trojan-activity;sid:84155256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"74.83.55.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292155/; classtype:trojan-activity;sid:84155255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.5.104"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292154/; classtype:trojan-activity;sid:84155254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.154.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292152/; classtype:trojan-activity;sid:84155252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.24.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292153/; classtype:trojan-activity;sid:84155253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292149)"; flow:established,from_client; content:"GET"; http_method; content:"/kodreng225.cmd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"191.96.207.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292149/; classtype:trojan-activity;sid:84155249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292150)"; flow:established,from_client; content:"GET"; http_method; content:"/jagtfalkenes.vbs"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"191.96.207.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292150/; classtype:trojan-activity;sid:84155250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292151)"; flow:established,from_client; content:"GET"; http_method; content:"/tomhjernet.wsf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"191.96.207.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292151/; classtype:trojan-activity;sid:84155251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.84.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292148/; classtype:trojan-activity;sid:84155248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292144)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.235.45.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292144/; classtype:trojan-activity;sid:84155244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292145)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.235.45.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292145/; classtype:trojan-activity;sid:84155245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292146)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.235.45.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292146/; classtype:trojan-activity;sid:84155246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292147)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.235.45.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292147/; classtype:trojan-activity;sid:84155247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292131)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"server-64-235-45-196.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292131/; classtype:trojan-activity;sid:84155231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292132)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"server-64-235-45-196.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292132/; classtype:trojan-activity;sid:84155232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292133)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.235.45.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292133/; classtype:trojan-activity;sid:84155233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292134)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"server-64-235-45-196.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292134/; classtype:trojan-activity;sid:84155234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292135)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"server-64-235-45-196.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292135/; classtype:trojan-activity;sid:84155235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292136)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"server-64-235-45-196.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292136/; classtype:trojan-activity;sid:84155236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292137)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.235.45.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292137/; classtype:trojan-activity;sid:84155237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292138)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"server-64-235-45-196.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292138/; classtype:trojan-activity;sid:84155238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292139)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"server-64-235-45-196.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292139/; classtype:trojan-activity;sid:84155239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292140)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.235.45.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292140/; classtype:trojan-activity;sid:84155240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292141)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.235.45.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292141/; classtype:trojan-activity;sid:84155241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292142)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"64.235.45.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292142/; classtype:trojan-activity;sid:84155242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292143)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.235.45.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292143/; classtype:trojan-activity;sid:84155243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292129)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.235.45.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292129/; classtype:trojan-activity;sid:84155229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292130)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.235.45.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292130/; classtype:trojan-activity;sid:84155230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292127)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"server-64-235-45-196.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292127/; classtype:trojan-activity;sid:84155227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292128)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"server-64-235-45-196.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292128/; classtype:trojan-activity;sid:84155228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292122)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"server-64-235-45-196.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292122/; classtype:trojan-activity;sid:84155222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292123)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.235.45.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292123/; classtype:trojan-activity;sid:84155223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292124)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"server-64-235-45-196.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292124/; classtype:trojan-activity;sid:84155224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292125)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"server-64-235-45-196.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292125/; classtype:trojan-activity;sid:84155225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292126)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"server-64-235-45-196.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292126/; classtype:trojan-activity;sid:84155226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292118)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.235.45.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292118/; classtype:trojan-activity;sid:84155218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292119)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"server-64-235-45-196.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292119/; classtype:trojan-activity;sid:84155219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292120)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"server-64-235-45-196.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292120/; classtype:trojan-activity;sid:84155220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292121)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.235.45.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292121/; classtype:trojan-activity;sid:84155221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.3.170"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292116/; classtype:trojan-activity;sid:84155216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.58.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292117/; classtype:trojan-activity;sid:84155217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.83.55.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292115/; classtype:trojan-activity;sid:84155215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.209.213.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292114/; classtype:trojan-activity;sid:84155214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.209.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292113/; classtype:trojan-activity;sid:84155213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.229.151.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292112/; classtype:trojan-activity;sid:84155212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.98.26.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292111/; classtype:trojan-activity;sid:84155211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.233.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292110/; classtype:trojan-activity;sid:84155210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.157.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292109/; classtype:trojan-activity;sid:84155209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292108)"; flow:established,from_client; content:"GET"; http_method; content:"/work/das.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"crickout.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292108/; classtype:trojan-activity;sid:84155208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.232.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292107/; classtype:trojan-activity;sid:84155207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.71.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292106/; classtype:trojan-activity;sid:84155206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.30.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292105/; classtype:trojan-activity;sid:84155205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.162.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292104/; classtype:trojan-activity;sid:84155204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292103)"; flow:established,from_client; content:"GET"; http_method; content:"/files/nicko.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292103/; classtype:trojan-activity;sid:84155203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292102/; classtype:trojan-activity;sid:84155202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.45.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292101/; classtype:trojan-activity;sid:84155201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.119.193.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292100/; classtype:trojan-activity;sid:84155200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.82.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292099/; classtype:trojan-activity;sid:84155199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.24.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292098/; classtype:trojan-activity;sid:84155198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.68.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292097/; classtype:trojan-activity;sid:84155197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.5.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292096/; classtype:trojan-activity;sid:84155196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.188.66.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292095/; classtype:trojan-activity;sid:84155195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.255.202.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292094/; classtype:trojan-activity;sid:84155194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.123.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292093/; classtype:trojan-activity;sid:84155193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.232.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292092/; classtype:trojan-activity;sid:84155192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.232.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292090/; classtype:trojan-activity;sid:84155190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.233.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292091/; classtype:trojan-activity;sid:84155191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.222.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292089/; classtype:trojan-activity;sid:84155189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.10.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292087/; classtype:trojan-activity;sid:84155187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.99.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292088/; classtype:trojan-activity;sid:84155188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.5.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292086/; classtype:trojan-activity;sid:84155186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.62.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292085/; classtype:trojan-activity;sid:84155185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.71.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292084/; classtype:trojan-activity;sid:84155184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.68.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292083/; classtype:trojan-activity;sid:84155183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292082/; classtype:trojan-activity;sid:84155182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.116.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292081/; classtype:trojan-activity;sid:84155181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.175.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292080/; classtype:trojan-activity;sid:84155180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.50.241.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292079/; classtype:trojan-activity;sid:84155179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.123.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292078/; classtype:trojan-activity;sid:84155178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292077/; classtype:trojan-activity;sid:84155177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.3.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292076/; classtype:trojan-activity;sid:84155176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.103.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292075/; classtype:trojan-activity;sid:84155175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.0.61.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292074/; classtype:trojan-activity;sid:84155174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.188.66.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292073/; classtype:trojan-activity;sid:84155173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.91.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292072/; classtype:trojan-activity;sid:84155172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292070/; classtype:trojan-activity;sid:84155170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.5.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292071/; classtype:trojan-activity;sid:84155171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.46.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292069/; classtype:trojan-activity;sid:84155169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.116.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292068/; classtype:trojan-activity;sid:84155168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.255.202.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292067/; classtype:trojan-activity;sid:84155167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.127.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292066/; classtype:trojan-activity;sid:84155166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.83.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292065/; classtype:trojan-activity;sid:84155165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.255.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292064/; classtype:trojan-activity;sid:84155164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.254.72.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292063/; classtype:trojan-activity;sid:84155163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.59.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292062/; classtype:trojan-activity;sid:84155162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.68.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292061/; classtype:trojan-activity;sid:84155161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.76.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292060/; classtype:trojan-activity;sid:84155160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.72.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292059/; classtype:trojan-activity;sid:84155159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.109.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292058/; classtype:trojan-activity;sid:84155158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.123.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292057/; classtype:trojan-activity;sid:84155157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292056/; classtype:trojan-activity;sid:84155156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.43.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292055/; classtype:trojan-activity;sid:84155155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.59.107.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292054/; classtype:trojan-activity;sid:84155154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292053/; classtype:trojan-activity;sid:84155153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.83.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292052/; classtype:trojan-activity;sid:84155152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.3.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292051/; classtype:trojan-activity;sid:84155151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.114.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292050/; classtype:trojan-activity;sid:84155150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.230.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292049/; classtype:trojan-activity;sid:84155149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.114.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292048/; classtype:trojan-activity;sid:84155148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.103.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292046/; classtype:trojan-activity;sid:84155146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.158.100.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292047/; classtype:trojan-activity;sid:84155147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.178.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292045/; classtype:trojan-activity;sid:84155145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.22.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292044/; classtype:trojan-activity;sid:84155144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.232.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292043/; classtype:trojan-activity;sid:84155143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.178.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292042/; classtype:trojan-activity;sid:84155142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.25.188.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292041/; classtype:trojan-activity;sid:84155141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.208.48.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292040/; classtype:trojan-activity;sid:84155140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292039/; classtype:trojan-activity;sid:84155139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.46.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292038/; classtype:trojan-activity;sid:84155138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.26.81.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292037/; classtype:trojan-activity;sid:84155137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.59.107.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292036/; classtype:trojan-activity;sid:84155136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.178.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292035/; classtype:trojan-activity;sid:84155135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.230.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292034/; classtype:trojan-activity;sid:84155134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.103.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292033/; classtype:trojan-activity;sid:84155133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.0.79.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292031/; classtype:trojan-activity;sid:84155131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.178.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292032/; classtype:trojan-activity;sid:84155132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.232.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292030/; classtype:trojan-activity;sid:84155130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.233.148.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292029/; classtype:trojan-activity;sid:84155129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.46.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292028/; classtype:trojan-activity;sid:84155128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.188.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292027/; classtype:trojan-activity;sid:84155127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.185.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292026/; classtype:trojan-activity;sid:84155126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.71.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292025/; classtype:trojan-activity;sid:84155125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292024/; classtype:trojan-activity;sid:84155124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.113.124.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292023/; classtype:trojan-activity;sid:84155123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.243.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292022/; classtype:trojan-activity;sid:84155122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.57.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292020/; classtype:trojan-activity;sid:84155120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.202.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292021/; classtype:trojan-activity;sid:84155121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.9.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292019/; classtype:trojan-activity;sid:84155119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292018/; classtype:trojan-activity;sid:84155118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.0.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292017/; classtype:trojan-activity;sid:84155117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.96.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292016/; classtype:trojan-activity;sid:84155116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.140.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292015/; classtype:trojan-activity;sid:84155115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292014)"; flow:established,from_client; content:"GET"; http_method; content:"/n/tui/mininews/mininewsplus/3.0.0.26165/mininewsplus-2.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"mininews.kpzip.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292014/; classtype:trojan-activity;sid:84155114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292013)"; flow:established,from_client; content:"GET"; http_method; content:"/downdll/opengl32.dll40watson-sanchez4040830.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"www.bkzj.wang"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292013/; classtype:trojan-activity;sid:84155113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292012)"; flow:established,from_client; content:"GET"; http_method; content:"/windows_update/windows_update.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"20.0.145.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292012/; classtype:trojan-activity;sid:84155112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.113.124.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292011/; classtype:trojan-activity;sid:84155111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.16.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292010/; classtype:trojan-activity;sid:84155110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.240.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292009/; classtype:trojan-activity;sid:84155109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.141.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292008/; classtype:trojan-activity;sid:84155108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.114.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292007/; classtype:trojan-activity;sid:84155107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.146.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292006/; classtype:trojan-activity;sid:84155106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.67.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292005/; classtype:trojan-activity;sid:84155105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.119.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292004/; classtype:trojan-activity;sid:84155104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.62.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292003/; classtype:trojan-activity;sid:84155103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.131.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292002/; classtype:trojan-activity;sid:84155102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.106.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292001/; classtype:trojan-activity;sid:84155101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.9.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292000/; classtype:trojan-activity;sid:84155100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.71.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291999/; classtype:trojan-activity;sid:84155099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.165.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291998/; classtype:trojan-activity;sid:84155098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.22.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291997/; classtype:trojan-activity;sid:84155097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.140.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291996/; classtype:trojan-activity;sid:84155096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.243.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291995/; classtype:trojan-activity;sid:84155095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.96.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291994/; classtype:trojan-activity;sid:84155094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.237.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291993/; classtype:trojan-activity;sid:84155093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.140.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291992/; classtype:trojan-activity;sid:84155092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.24.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291991/; classtype:trojan-activity;sid:84155091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291990/; classtype:trojan-activity;sid:84155090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.230.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291989/; classtype:trojan-activity;sid:84155089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.146.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291988/; classtype:trojan-activity;sid:84155088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.106.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291987/; classtype:trojan-activity;sid:84155087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.157.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291986/; classtype:trojan-activity;sid:84155086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.137.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291985/; classtype:trojan-activity;sid:84155085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.157.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291984/; classtype:trojan-activity;sid:84155084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.167.33.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291982/; classtype:trojan-activity;sid:84155082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.82.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291983/; classtype:trojan-activity;sid:84155083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.11.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291981/; classtype:trojan-activity;sid:84155081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.21.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291980/; classtype:trojan-activity;sid:84155080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.227.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291979/; classtype:trojan-activity;sid:84155079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.218.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291978/; classtype:trojan-activity;sid:84155078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.253.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291977/; classtype:trojan-activity;sid:84155077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.172.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291975/; classtype:trojan-activity;sid:84155075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.34.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291976/; classtype:trojan-activity;sid:84155076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.24.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291973/; classtype:trojan-activity;sid:84155073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.143.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291974/; classtype:trojan-activity;sid:84155074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.169.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291972/; classtype:trojan-activity;sid:84155072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.215.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291971/; classtype:trojan-activity;sid:84155071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.71.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291970/; classtype:trojan-activity;sid:84155070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.245.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291969/; classtype:trojan-activity;sid:84155069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.190.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291968/; classtype:trojan-activity;sid:84155068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.198.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291966/; classtype:trojan-activity;sid:84155066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291967/; classtype:trojan-activity;sid:84155067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.43.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291965/; classtype:trojan-activity;sid:84155065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.82.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291964/; classtype:trojan-activity;sid:84155064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.16.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291963/; classtype:trojan-activity;sid:84155063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.90.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291962/; classtype:trojan-activity;sid:84155062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.227.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291961/; classtype:trojan-activity;sid:84155061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.143.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291960/; classtype:trojan-activity;sid:84155060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.223.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291959/; classtype:trojan-activity;sid:84155059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.71.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291958/; classtype:trojan-activity;sid:84155058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.74.13.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291957/; classtype:trojan-activity;sid:84155057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.24.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291956/; classtype:trojan-activity;sid:84155056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291955/; classtype:trojan-activity;sid:84155055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.32.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291954/; classtype:trojan-activity;sid:84155054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291953/; classtype:trojan-activity;sid:84155053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.24.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291952/; classtype:trojan-activity;sid:84155052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.158.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291951/; classtype:trojan-activity;sid:84155051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.227.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291950/; classtype:trojan-activity;sid:84155050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.223.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291949/; classtype:trojan-activity;sid:84155049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.40.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291948/; classtype:trojan-activity;sid:84155048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.116.122.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291947/; classtype:trojan-activity;sid:84155047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.33.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291946/; classtype:trojan-activity;sid:84155046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.196.51.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291945/; classtype:trojan-activity;sid:84155045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291944/; classtype:trojan-activity;sid:84155044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.167.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291943/; classtype:trojan-activity;sid:84155043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291942/; classtype:trojan-activity;sid:84155042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.178.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291941/; classtype:trojan-activity;sid:84155041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.185.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291940/; classtype:trojan-activity;sid:84155040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.172.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291939/; classtype:trojan-activity;sid:84155039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.82.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291938/; classtype:trojan-activity;sid:84155038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.127.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291937/; classtype:trojan-activity;sid:84155037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.245.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291936/; classtype:trojan-activity;sid:84155036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.226.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291935/; classtype:trojan-activity;sid:84155035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291934/; classtype:trojan-activity;sid:84155034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.252.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291933/; classtype:trojan-activity;sid:84155033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.53.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291932/; classtype:trojan-activity;sid:84155032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.185.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291931/; classtype:trojan-activity;sid:84155031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.74.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291930/; classtype:trojan-activity;sid:84155030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.13.155"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291929/; classtype:trojan-activity;sid:84155029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.246.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291928/; classtype:trojan-activity;sid:84155028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.205.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291927/; classtype:trojan-activity;sid:84155027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.127.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291926/; classtype:trojan-activity;sid:84155026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.8.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291925/; classtype:trojan-activity;sid:84155025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.231.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291924/; classtype:trojan-activity;sid:84155024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291923/; classtype:trojan-activity;sid:84155023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.191.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291922/; classtype:trojan-activity;sid:84155022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.226.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291921/; classtype:trojan-activity;sid:84155021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.120.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291919/; classtype:trojan-activity;sid:84155019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.79.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291920/; classtype:trojan-activity;sid:84155020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291918)"; flow:established,from_client; content:"GET"; http_method; content:"/gho%e9%95%9c%e5%83%8f%e5%ae%89%e8%a3%85%e5%99%a8.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"171.213.44.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291918/; classtype:trojan-activity;sid:84155018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.100.213.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291916/; classtype:trojan-activity;sid:84155016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.111.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291917/; classtype:trojan-activity;sid:84155017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.151.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291915/; classtype:trojan-activity;sid:84155015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.95.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291914/; classtype:trojan-activity;sid:84155014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.68.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291913/; classtype:trojan-activity;sid:84155013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.246.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291912/; classtype:trojan-activity;sid:84155012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.231.200.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291911/; classtype:trojan-activity;sid:84155011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291910)"; flow:established,from_client; content:"GET"; http_method; content:"/3911_wz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"wz.3911.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291910/; classtype:trojan-activity;sid:84155010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291908)"; flow:established,from_client; content:"GET"; http_method; content:"/33/seemybestthingswhichcallyoubabygirlwhichgiveuhotchicks.tif"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"192.3.243.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291908/; classtype:trojan-activity;sid:84155008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291909)"; flow:established,from_client; content:"GET"; http_method; content:"/32/seemybestthingswithentirelifetimethingstodomybest.tif"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"192.3.243.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291909/; classtype:trojan-activity;sid:84155009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291906)"; flow:established,from_client; content:"GET"; http_method; content:"/33/nu/bestgirlfriendwhowintheheartwithentirelifegivenubestthigns.hta"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"192.3.243.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291906/; classtype:trojan-activity;sid:84155006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291907)"; flow:established,from_client; content:"GET"; http_method; content:"/32/nc/kissmegoodthingwhichgivemebestthignswithgirluaremy.hta"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"192.3.243.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291907/; classtype:trojan-activity;sid:84155007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.127.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291905/; classtype:trojan-activity;sid:84155005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.78.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291904/; classtype:trojan-activity;sid:84155004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.120.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291903/; classtype:trojan-activity;sid:84155003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.213.185.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291902/; classtype:trojan-activity;sid:84155002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.183.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291901/; classtype:trojan-activity;sid:84155001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.51.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291900/; classtype:trojan-activity;sid:84155000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.111.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291899/; classtype:trojan-activity;sid:84154999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.79.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291898/; classtype:trojan-activity;sid:84154998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.95.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291897/; classtype:trojan-activity;sid:84154997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.105.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291896/; classtype:trojan-activity;sid:84154996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.200.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291895/; classtype:trojan-activity;sid:84154995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.230.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291894/; classtype:trojan-activity;sid:84154994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.236.182.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291891/; classtype:trojan-activity;sid:84154991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.79.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291892/; classtype:trojan-activity;sid:84154992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.206.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291893/; classtype:trojan-activity;sid:84154993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.242.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291890/; classtype:trojan-activity;sid:84154990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.108.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291889/; classtype:trojan-activity;sid:84154989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291888/; classtype:trojan-activity;sid:84154988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.51.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291887/; classtype:trojan-activity;sid:84154987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291886)"; flow:established,from_client; content:"GET"; http_method; content:"/toxis_gaduka_build.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.252.153.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291886/; classtype:trojan-activity;sid:84154986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.111.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291885/; classtype:trojan-activity;sid:84154985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.4.4.141"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291884/; classtype:trojan-activity;sid:84154984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291882/; classtype:trojan-activity;sid:84154982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.176.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291883/; classtype:trojan-activity;sid:84154983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291881)"; flow:established,from_client; content:"GET"; http_method; content:"/prism"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"121.36.224.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291881/; classtype:trojan-activity;sid:84154981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291880)"; flow:established,from_client; content:"GET"; http_method; content:"/setup_tunnel.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"121.36.224.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291880/; classtype:trojan-activity;sid:84154980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291879)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tqne.events.socalpocis.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291879/; classtype:trojan-activity;sid:84154979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.217.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291877/; classtype:trojan-activity;sid:84154977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.242.106.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291878/; classtype:trojan-activity;sid:84154978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.3.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291876/; classtype:trojan-activity;sid:84154976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.242.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291875/; classtype:trojan-activity;sid:84154975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.173.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291874/; classtype:trojan-activity;sid:84154974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291872)"; flow:established,from_client; content:"GET"; http_method; content:"/jupsculd221.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"104.168.32.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291872/; classtype:trojan-activity;sid:84154972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291873)"; flow:established,from_client; content:"GET"; http_method; content:"/penahbirpprgoktv203.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"93.123.109.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291873/; classtype:trojan-activity;sid:84154973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.5.194"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291871/; classtype:trojan-activity;sid:84154971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.2.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291870/; classtype:trojan-activity;sid:84154970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291869)"; flow:established,from_client; content:"GET"; http_method; content:"/images/stories/guides/guide2018.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"dcwblida.dz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291869/; classtype:trojan-activity;sid:84154969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.239.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291868/; classtype:trojan-activity;sid:84154968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.226.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291867/; classtype:trojan-activity;sid:84154967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.78.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291866/; classtype:trojan-activity;sid:84154966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.77.68.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291864/; classtype:trojan-activity;sid:84154964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.59.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291865/; classtype:trojan-activity;sid:84154965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.236.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291862/; classtype:trojan-activity;sid:84154962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.225.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291863/; classtype:trojan-activity;sid:84154963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.54.160.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291861/; classtype:trojan-activity;sid:84154961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.89.154"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291860/; classtype:trojan-activity;sid:84154960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.242.106.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291859/; classtype:trojan-activity;sid:84154959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"68.115.131.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291857/; classtype:trojan-activity;sid:84154957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.100.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291858/; classtype:trojan-activity;sid:84154958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.164.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291856/; classtype:trojan-activity;sid:84154956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.99.26"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291855/; classtype:trojan-activity;sid:84154955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291853)"; flow:established,from_client; content:"GET"; http_method; content:"/earm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"43.133.65.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291853/; classtype:trojan-activity;sid:84154953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291854)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"43.133.65.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291854/; classtype:trojan-activity;sid:84154954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.60.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291852/; classtype:trojan-activity;sid:84154952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291851)"; flow:established,from_client; content:"GET"; http_method; content:"/empsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"43.133.65.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291851/; classtype:trojan-activity;sid:84154951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291850)"; flow:established,from_client; content:"GET"; http_method; content:"/earm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.133.65.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291850/; classtype:trojan-activity;sid:84154950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291847)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.133.65.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291847/; classtype:trojan-activity;sid:84154947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291848)"; flow:established,from_client; content:"GET"; http_method; content:"/emips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"43.133.65.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291848/; classtype:trojan-activity;sid:84154948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291849)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/ex86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"43.133.65.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291849/; classtype:trojan-activity;sid:84154949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291840)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.133.65.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291840/; classtype:trojan-activity;sid:84154940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291841)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.133.65.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291841/; classtype:trojan-activity;sid:84154941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291842)"; flow:established,from_client; content:"GET"; http_method; content:"/earm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"43.133.65.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291842/; classtype:trojan-activity;sid:84154942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291843)"; flow:established,from_client; content:"GET"; http_method; content:"/earm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"43.133.65.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291843/; classtype:trojan-activity;sid:84154943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291844)"; flow:established,from_client; content:"GET"; http_method; content:"/ex86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.133.65.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291844/; classtype:trojan-activity;sid:84154944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291845)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/emips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.133.65.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291845/; classtype:trojan-activity;sid:84154945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291846)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/empsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.133.65.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291846/; classtype:trojan-activity;sid:84154946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.54.160.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291839/; classtype:trojan-activity;sid:84154939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.226.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291838/; classtype:trojan-activity;sid:84154938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.93.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291837/; classtype:trojan-activity;sid:84154937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.242.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291836/; classtype:trojan-activity;sid:84154936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.0.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291835/; classtype:trojan-activity;sid:84154935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291834/; classtype:trojan-activity;sid:84154934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.236.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291833/; classtype:trojan-activity;sid:84154933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.64.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291831/; classtype:trojan-activity;sid:84154931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.134.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291832/; classtype:trojan-activity;sid:84154932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.47.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291830/; classtype:trojan-activity;sid:84154930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.67.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291829/; classtype:trojan-activity;sid:84154929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.75.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291828/; classtype:trojan-activity;sid:84154928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.75.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291827/; classtype:trojan-activity;sid:84154927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.147.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291826/; classtype:trojan-activity;sid:84154926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.100.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291825/; classtype:trojan-activity;sid:84154925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.47.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291824/; classtype:trojan-activity;sid:84154924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.67.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291823/; classtype:trojan-activity;sid:84154923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.248.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291822/; classtype:trojan-activity;sid:84154922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.210.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291821/; classtype:trojan-activity;sid:84154921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.75.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291820/; classtype:trojan-activity;sid:84154920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.180.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291819/; classtype:trojan-activity;sid:84154919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.67.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291818/; classtype:trojan-activity;sid:84154918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.117.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291817/; classtype:trojan-activity;sid:84154917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.111.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291816/; classtype:trojan-activity;sid:84154916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.247.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291814/; classtype:trojan-activity;sid:84154914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.123.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291815/; classtype:trojan-activity;sid:84154915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291813/; classtype:trojan-activity;sid:84154913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.75.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291812/; classtype:trojan-activity;sid:84154912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291811)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291811/; classtype:trojan-activity;sid:84154911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.210.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291810/; classtype:trojan-activity;sid:84154910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.22.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291809/; classtype:trojan-activity;sid:84154909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291808)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"paytest.infinitegalaxy.cn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291808/; classtype:trojan-activity;sid:84154908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291806)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"paytest.infinitegalaxy.cn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291806/; classtype:trojan-activity;sid:84154906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291807)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"paytest.infinitegalaxy.cn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291807/; classtype:trojan-activity;sid:84154907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291805)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"paytest.infinitegalaxy.cn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291805/; classtype:trojan-activity;sid:84154905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291803)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"paytest.infinitegalaxy.cn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291803/; classtype:trojan-activity;sid:84154903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291804)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"paytest.infinitegalaxy.cn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291804/; classtype:trojan-activity;sid:84154904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.218.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291802/; classtype:trojan-activity;sid:84154902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.216.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291801/; classtype:trojan-activity;sid:84154901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.147.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291800/; classtype:trojan-activity;sid:84154900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291799)"; flow:established,from_client; content:"GET"; http_method; content:"/data-package/7pdxjnkp/download"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"filetransfer.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291799/; classtype:trojan-activity;sid:84154899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291798)"; flow:established,from_client; content:"GET"; http_method; content:"/data-package/7pdxjnkp/download"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"filetransfer.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291798/; classtype:trojan-activity;sid:84154898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.121.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291797/; classtype:trojan-activity;sid:84154897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.180.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291796/; classtype:trojan-activity;sid:84154896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.98.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291795/; classtype:trojan-activity;sid:84154895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.6.194"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291794/; classtype:trojan-activity;sid:84154894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.29.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291793/; classtype:trojan-activity;sid:84154893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.47.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291792/; classtype:trojan-activity;sid:84154892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.226.125.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291791/; classtype:trojan-activity;sid:84154891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.158.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291790/; classtype:trojan-activity;sid:84154890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.135.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291789/; classtype:trojan-activity;sid:84154889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291788)"; flow:established,from_client; content:"GET"; http_method; content:"/fhpnud.pdf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"nexoproducciones.cl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291788/; classtype:trojan-activity;sid:84154888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.22.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291787/; classtype:trojan-activity;sid:84154887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291786)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ieiqeih-1iodbpcgjseuqkj3sftykaxm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291786/; classtype:trojan-activity;sid:84154886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291782)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/5bwo9mq29wnl5r2a4k3wy/1archivo-nro-18-notificaci-n-electr-ncia-judicial-esm-agradecemos-confirmar-recibido-15.tar.uue.tar.001|3f|rlkey=ieu4fms412fp1o338yg57hz3r|7c|26|7c|st=ivpan68v|7c|26|7c|dl=0"; http_uri; depth:203; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291782/; classtype:trojan-activity;sid:84154882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291783)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/8nh6qq43s1qzgsjlhwq7f/archivo-nro-18-notificaci-n-electr-ncia-judicial-esm-agradecemos-confirmar-recibido-15.tar.uue.tar.001|3f|rlkey=d7rytyfpyngxf5lw63u4b3ysh|7c|26|7c|st=bbolzkoo|7c|26|7c|dl=0"; http_uri; depth:202; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291783/; classtype:trojan-activity;sid:84154883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291784)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/dczxh5ejh61dxxjo0wzox/4notificaci-n-electr-ncia-judicial-esm-agradecemos-confirmar-recibido-15.tar.uue.tar.001|3f|rlkey=5ph1a4hphb7yz4teyaawc0vxl|7c|26|7c|st=hmgpb1j2|7c|26|7c|dl=0"; http_uri; depth:188; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291784/; classtype:trojan-activity;sid:84154884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291785)"; flow:established,from_client; content:"GET"; http_method; content:"/sample_photo.js"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ikincielesyaciankara.com.tr"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291785/; classtype:trojan-activity;sid:84154885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.87.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291781/; classtype:trojan-activity;sid:84154881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.206.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291780/; classtype:trojan-activity;sid:84154880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.182.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291779/; classtype:trojan-activity;sid:84154879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.29.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291778/; classtype:trojan-activity;sid:84154878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291777/; classtype:trojan-activity;sid:84154877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.74.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291776/; classtype:trojan-activity;sid:84154876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.158.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291775/; classtype:trojan-activity;sid:84154875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.120.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291774/; classtype:trojan-activity;sid:84154874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.193.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291773/; classtype:trojan-activity;sid:84154873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.37.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291772/; classtype:trojan-activity;sid:84154872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.214.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291771/; classtype:trojan-activity;sid:84154871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.89.90.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291770/; classtype:trojan-activity;sid:84154870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.138.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291769/; classtype:trojan-activity;sid:84154869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.60.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291768/; classtype:trojan-activity;sid:84154868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.114.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291767/; classtype:trojan-activity;sid:84154867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.120.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291766/; classtype:trojan-activity;sid:84154866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291765/; classtype:trojan-activity;sid:84154865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.140.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291764/; classtype:trojan-activity;sid:84154864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.106.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291763/; classtype:trojan-activity;sid:84154863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.146.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291762/; classtype:trojan-activity;sid:84154862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291761/; classtype:trojan-activity;sid:84154861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.134.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291760/; classtype:trojan-activity;sid:84154860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.66.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291759/; classtype:trojan-activity;sid:84154859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.69.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291758/; classtype:trojan-activity;sid:84154858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.247.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291755/; classtype:trojan-activity;sid:84154855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.111.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291756/; classtype:trojan-activity;sid:84154856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.253.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291757/; classtype:trojan-activity;sid:84154857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.28.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291754/; classtype:trojan-activity;sid:84154854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.134.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291753/; classtype:trojan-activity;sid:84154853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"67.2.14.146"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291752/; classtype:trojan-activity;sid:84154852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.72.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291751/; classtype:trojan-activity;sid:84154851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.57.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291750/; classtype:trojan-activity;sid:84154850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.1.238"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291749/; classtype:trojan-activity;sid:84154849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.246.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291748/; classtype:trojan-activity;sid:84154848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.191.83.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291746/; classtype:trojan-activity;sid:84154846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.162.16.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291747/; classtype:trojan-activity;sid:84154847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291745/; classtype:trojan-activity;sid:84154845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.28.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291743/; classtype:trojan-activity;sid:84154843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.57.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291744/; classtype:trojan-activity;sid:84154844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.70.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291742/; classtype:trojan-activity;sid:84154842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.104.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291741/; classtype:trojan-activity;sid:84154841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.212.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291740/; classtype:trojan-activity;sid:84154840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.106.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291739/; classtype:trojan-activity;sid:84154839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.183.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291738/; classtype:trojan-activity;sid:84154838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.6.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291736/; classtype:trojan-activity;sid:84154836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.248.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291737/; classtype:trojan-activity;sid:84154837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291735/; classtype:trojan-activity;sid:84154835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291734/; classtype:trojan-activity;sid:84154834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.51.193.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291733/; classtype:trojan-activity;sid:84154833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.2.14.146"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291732/; classtype:trojan-activity;sid:84154832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.31.179.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291731/; classtype:trojan-activity;sid:84154831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.70.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291729/; classtype:trojan-activity;sid:84154829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.227.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291730/; classtype:trojan-activity;sid:84154830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.148.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291728/; classtype:trojan-activity;sid:84154828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.212.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291727/; classtype:trojan-activity;sid:84154827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291726/; classtype:trojan-activity;sid:84154826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.104.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291725/; classtype:trojan-activity;sid:84154825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.227.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291724/; classtype:trojan-activity;sid:84154824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.6.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291723/; classtype:trojan-activity;sid:84154823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.35.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291722/; classtype:trojan-activity;sid:84154822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291721/; classtype:trojan-activity;sid:84154821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.146.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291720/; classtype:trojan-activity;sid:84154820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.4.2.45"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291719/; classtype:trojan-activity;sid:84154819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.31.179.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291718/; classtype:trojan-activity;sid:84154818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.46.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291717/; classtype:trojan-activity;sid:84154817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.72.210.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291714/; classtype:trojan-activity;sid:84154814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.190.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291715/; classtype:trojan-activity;sid:84154815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.180.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291716/; classtype:trojan-activity;sid:84154816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.116.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291713/; classtype:trojan-activity;sid:84154813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.144.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291712/; classtype:trojan-activity;sid:84154812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.245.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291711/; classtype:trojan-activity;sid:84154811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"206.85.166.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291710/; classtype:trojan-activity;sid:84154810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.176.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291709/; classtype:trojan-activity;sid:84154809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.79.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291708/; classtype:trojan-activity;sid:84154808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.8.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291707/; classtype:trojan-activity;sid:84154807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.36.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291706/; classtype:trojan-activity;sid:84154806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.138.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291705/; classtype:trojan-activity;sid:84154805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.13.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291704/; classtype:trojan-activity;sid:84154804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.176.107.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291703/; classtype:trojan-activity;sid:84154803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291702/; classtype:trojan-activity;sid:84154802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.116.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291701/; classtype:trojan-activity;sid:84154801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.105.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291700/; classtype:trojan-activity;sid:84154800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.5.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291699/; classtype:trojan-activity;sid:84154799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.13.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291698/; classtype:trojan-activity;sid:84154798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291697/; classtype:trojan-activity;sid:84154797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"206.85.166.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291696/; classtype:trojan-activity;sid:84154796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.144.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291695/; classtype:trojan-activity;sid:84154795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.65.95.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291694/; classtype:trojan-activity;sid:84154794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.233.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291693/; classtype:trojan-activity;sid:84154793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.41.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291692/; classtype:trojan-activity;sid:84154792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.43.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291691/; classtype:trojan-activity;sid:84154791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.176.107.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291690/; classtype:trojan-activity;sid:84154790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.47.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291689/; classtype:trojan-activity;sid:84154789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.47.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291688/; classtype:trojan-activity;sid:84154788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.254.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291687/; classtype:trojan-activity;sid:84154787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.181.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291686/; classtype:trojan-activity;sid:84154786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.95.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291685/; classtype:trojan-activity;sid:84154785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.1.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291684/; classtype:trojan-activity;sid:84154784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.113.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291683/; classtype:trojan-activity;sid:84154783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.50.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291682/; classtype:trojan-activity;sid:84154782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.224.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291681/; classtype:trojan-activity;sid:84154781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.180.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291680/; classtype:trojan-activity;sid:84154780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.255.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291679/; classtype:trojan-activity;sid:84154779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.204.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291678/; classtype:trojan-activity;sid:84154778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291677/; classtype:trojan-activity;sid:84154777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.35.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291676/; classtype:trojan-activity;sid:84154776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291674/; classtype:trojan-activity;sid:84154774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.149.153.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291675/; classtype:trojan-activity;sid:84154775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.97.201.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291672/; classtype:trojan-activity;sid:84154772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291673/; classtype:trojan-activity;sid:84154773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.80.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291671/; classtype:trojan-activity;sid:84154771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291670/; classtype:trojan-activity;sid:84154770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291669)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.141.245.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291669/; classtype:trojan-activity;sid:84154769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291668)"; flow:established,from_client; content:"GET"; http_method; content:"/skoblik.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"altraonline.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291668/; classtype:trojan-activity;sid:84154768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.113.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291667/; classtype:trojan-activity;sid:84154767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.56.138.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291666/; classtype:trojan-activity;sid:84154766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.177.200.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291665/; classtype:trojan-activity;sid:84154765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.1.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291664/; classtype:trojan-activity;sid:84154764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.62.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291663/; classtype:trojan-activity;sid:84154763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.241.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291662/; classtype:trojan-activity;sid:84154762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.0.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291661/; classtype:trojan-activity;sid:84154761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.115.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291659/; classtype:trojan-activity;sid:84154759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.82.227.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291660/; classtype:trojan-activity;sid:84154760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.226.177.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291658/; classtype:trojan-activity;sid:84154758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.18.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291657/; classtype:trojan-activity;sid:84154757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291656/; classtype:trojan-activity;sid:84154756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.180.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291655/; classtype:trojan-activity;sid:84154755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.100.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291654/; classtype:trojan-activity;sid:84154754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.53.98.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291653/; classtype:trojan-activity;sid:84154753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.55.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291652/; classtype:trojan-activity;sid:84154752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.39.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291651/; classtype:trojan-activity;sid:84154751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291650/; classtype:trojan-activity;sid:84154750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.119.109.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291649/; classtype:trojan-activity;sid:84154749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.177.200.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291648/; classtype:trojan-activity;sid:84154748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.153.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291647/; classtype:trojan-activity;sid:84154747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.130.127.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291646/; classtype:trojan-activity;sid:84154746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.18.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291645/; classtype:trojan-activity;sid:84154745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.233.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291644/; classtype:trojan-activity;sid:84154744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.125.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291643/; classtype:trojan-activity;sid:84154743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.1.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291642/; classtype:trojan-activity;sid:84154742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.96.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291641/; classtype:trojan-activity;sid:84154741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.51.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291640/; classtype:trojan-activity;sid:84154740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.101.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291639/; classtype:trojan-activity;sid:84154739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.103.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291638/; classtype:trojan-activity;sid:84154738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.53.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291637/; classtype:trojan-activity;sid:84154737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.218.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291636/; classtype:trojan-activity;sid:84154736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.238.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291635/; classtype:trojan-activity;sid:84154735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.53.98.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291634/; classtype:trojan-activity;sid:84154734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.100.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291633/; classtype:trojan-activity;sid:84154733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.198.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291632/; classtype:trojan-activity;sid:84154732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.153.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291631/; classtype:trojan-activity;sid:84154731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.215.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291630/; classtype:trojan-activity;sid:84154730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.241.48.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291628/; classtype:trojan-activity;sid:84154728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.110.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291629/; classtype:trojan-activity;sid:84154729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291627/; classtype:trojan-activity;sid:84154727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.139.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291626/; classtype:trojan-activity;sid:84154726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.213.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291625/; classtype:trojan-activity;sid:84154725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.43.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291624/; classtype:trojan-activity;sid:84154724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.227.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291623/; classtype:trojan-activity;sid:84154723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.95.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291622/; classtype:trojan-activity;sid:84154722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.103.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291621/; classtype:trojan-activity;sid:84154721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.119.109.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291620/; classtype:trojan-activity;sid:84154720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.138.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291619/; classtype:trojan-activity;sid:84154719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.215.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291618/; classtype:trojan-activity;sid:84154718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.233.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291617/; classtype:trojan-activity;sid:84154717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.40.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291616/; classtype:trojan-activity;sid:84154716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.150.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291615/; classtype:trojan-activity;sid:84154715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291614/; classtype:trojan-activity;sid:84154714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291613/; classtype:trojan-activity;sid:84154713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291612/; classtype:trojan-activity;sid:84154712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.178.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291610/; classtype:trojan-activity;sid:84154710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.241.48.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291611/; classtype:trojan-activity;sid:84154711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291609/; classtype:trojan-activity;sid:84154709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.238.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291608/; classtype:trojan-activity;sid:84154708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.175.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291607/; classtype:trojan-activity;sid:84154707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.236.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291606/; classtype:trojan-activity;sid:84154706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.53.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291605/; classtype:trojan-activity;sid:84154705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.218.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291604/; classtype:trojan-activity;sid:84154704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291602/; classtype:trojan-activity;sid:84154702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.13.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291603/; classtype:trojan-activity;sid:84154703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.139.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291600/; classtype:trojan-activity;sid:84154700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.11.57.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291601/; classtype:trojan-activity;sid:84154701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291599/; classtype:trojan-activity;sid:84154699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.249.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291598/; classtype:trojan-activity;sid:84154698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.174.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291597/; classtype:trojan-activity;sid:84154697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.193.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291596/; classtype:trojan-activity;sid:84154696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.242.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291595/; classtype:trojan-activity;sid:84154695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.183.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291594/; classtype:trojan-activity;sid:84154694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.178.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291593/; classtype:trojan-activity;sid:84154693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291592/; classtype:trojan-activity;sid:84154692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.175.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291591/; classtype:trojan-activity;sid:84154691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.217.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291590/; classtype:trojan-activity;sid:84154690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.221.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291589/; classtype:trojan-activity;sid:84154689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.125.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291588/; classtype:trojan-activity;sid:84154688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291587/; classtype:trojan-activity;sid:84154687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.229.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291586/; classtype:trojan-activity;sid:84154686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.187.17.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291585/; classtype:trojan-activity;sid:84154685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.193.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291584/; classtype:trojan-activity;sid:84154684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.65.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291583/; classtype:trojan-activity;sid:84154683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.174.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291582/; classtype:trojan-activity;sid:84154682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.3.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291581/; classtype:trojan-activity;sid:84154681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.251.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291580/; classtype:trojan-activity;sid:84154680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291579/; classtype:trojan-activity;sid:84154679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.38.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291578/; classtype:trojan-activity;sid:84154678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.125.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291577/; classtype:trojan-activity;sid:84154677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.6.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291576/; classtype:trojan-activity;sid:84154676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.216.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291575/; classtype:trojan-activity;sid:84154675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.86.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291574/; classtype:trojan-activity;sid:84154674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.172.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291573/; classtype:trojan-activity;sid:84154673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.238.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291571/; classtype:trojan-activity;sid:84154671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.229.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291572/; classtype:trojan-activity;sid:84154672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.141.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291570/; classtype:trojan-activity;sid:84154670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.4.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291569/; classtype:trojan-activity;sid:84154669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.42.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291568/; classtype:trojan-activity;sid:84154668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.48.200.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291567/; classtype:trojan-activity;sid:84154667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.46.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291566/; classtype:trojan-activity;sid:84154666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.72.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291565/; classtype:trojan-activity;sid:84154665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.81.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291563/; classtype:trojan-activity;sid:84154663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.43.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291564/; classtype:trojan-activity;sid:84154664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.87.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291562/; classtype:trojan-activity;sid:84154662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291561/; classtype:trojan-activity;sid:84154661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.87.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291560/; classtype:trojan-activity;sid:84154660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.49.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291559/; classtype:trojan-activity;sid:84154659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.4.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291558/; classtype:trojan-activity;sid:84154658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.141.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291557/; classtype:trojan-activity;sid:84154657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.132.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291556/; classtype:trojan-activity;sid:84154656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.180.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291555/; classtype:trojan-activity;sid:84154655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.11.57.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291554/; classtype:trojan-activity;sid:84154654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.252.10.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291553/; classtype:trojan-activity;sid:84154653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.18.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291552/; classtype:trojan-activity;sid:84154652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.190.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291551/; classtype:trojan-activity;sid:84154651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.28.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291550/; classtype:trojan-activity;sid:84154650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.100.18.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291548/; classtype:trojan-activity;sid:84154648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.153.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291549/; classtype:trojan-activity;sid:84154649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.133.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291547/; classtype:trojan-activity;sid:84154647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.144.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291546/; classtype:trojan-activity;sid:84154646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.38.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291545/; classtype:trojan-activity;sid:84154645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.43.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291544/; classtype:trojan-activity;sid:84154644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.44.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291543/; classtype:trojan-activity;sid:84154643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291542/; classtype:trojan-activity;sid:84154642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.49.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291541/; classtype:trojan-activity;sid:84154641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.132.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291540/; classtype:trojan-activity;sid:84154640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.207.39.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291539/; classtype:trojan-activity;sid:84154639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.42.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291538/; classtype:trojan-activity;sid:84154638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.39.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291537/; classtype:trojan-activity;sid:84154637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291536/; classtype:trojan-activity;sid:84154636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.34.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291535/; classtype:trojan-activity;sid:84154635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.230.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291534/; classtype:trojan-activity;sid:84154634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.155.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291533/; classtype:trojan-activity;sid:84154633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.144.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291532/; classtype:trojan-activity;sid:84154632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.24.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291530/; classtype:trojan-activity;sid:84154630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.34.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291531/; classtype:trojan-activity;sid:84154631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.23.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291529/; classtype:trojan-activity;sid:84154629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.87.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291528/; classtype:trojan-activity;sid:84154628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.6.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291527/; classtype:trojan-activity;sid:84154627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.39.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291526/; classtype:trojan-activity;sid:84154626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.126.138.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291525/; classtype:trojan-activity;sid:84154625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.59.198"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291523/; classtype:trojan-activity;sid:84154623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.44.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291524/; classtype:trojan-activity;sid:84154624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.178.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291522/; classtype:trojan-activity;sid:84154622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.94.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291521/; classtype:trojan-activity;sid:84154621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.213.69.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291520/; classtype:trojan-activity;sid:84154620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291519/; classtype:trojan-activity;sid:84154619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.13.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291518/; classtype:trojan-activity;sid:84154618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.107.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291515/; classtype:trojan-activity;sid:84154615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.214.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291516/; classtype:trojan-activity;sid:84154616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.220.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291517/; classtype:trojan-activity;sid:84154617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.150.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291514/; classtype:trojan-activity;sid:84154614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291513/; classtype:trojan-activity;sid:84154613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.36.44.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291512/; classtype:trojan-activity;sid:84154612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.201.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291511/; classtype:trojan-activity;sid:84154611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.23.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291510/; classtype:trojan-activity;sid:84154610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.196.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291509/; classtype:trojan-activity;sid:84154609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.235.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291508/; classtype:trojan-activity;sid:84154608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.230.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291507/; classtype:trojan-activity;sid:84154607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.39.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291506/; classtype:trojan-activity;sid:84154606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.24.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291505/; classtype:trojan-activity;sid:84154605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.87.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291504/; classtype:trojan-activity;sid:84154604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291501)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rrrrooosaa-1318a.appspot.com/o/roda%20privated%2fcitacion%20rama%20judicial-pdf.bz2|3f|alt=media|7c|26|7c|token=e36192b2-6ec9-4a55-8271-07b1f3aded68"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291501/; classtype:trojan-activity;sid:84154601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291502)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/ig05j620cx7w0yshskdqk/2notificaci-n-electr-ncia-judicial-esm-agradecemos-confirmar-recibido-15.tar.uue.tar.001|3f|rlkey=1ornxe06529961j3gqyfcgfyk|7c|26|7c|st=gnkl8xiw|7c|26|7c|dl=0"; http_uri; depth:188; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291502/; classtype:trojan-activity;sid:84154602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291503)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/ulzkomtc2b3byukh0i31u/notificaci-n-electr-nica-rama-judicial-de-poder-p-blico-agradecemos-confirmar-recibido.tar.uue.tar.001|3f|rlkey=6cke6338ze78lomgilwp94y2e|7c|26|7c|st=p84dq964|7c|26|7c|dl=0"; http_uri; depth:202; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291503/; classtype:trojan-activity;sid:84154603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291500)"; flow:established,from_client; content:"GET"; http_method; content:"/api/file/1f2f8dcd-4562-4d52-94e1-b5460d55c3ec/download"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"files.offshore.cat"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291500/; classtype:trojan-activity;sid:84154600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291498)"; flow:established,from_client; content:"GET"; http_method; content:"/file.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.196.8.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291498/; classtype:trojan-activity;sid:84154598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291499)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yodfepqh8rrmnanmw_wvqyik9qsts9aj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291499/; classtype:trojan-activity;sid:84154599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.177.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291497/; classtype:trojan-activity;sid:84154597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.80.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291496/; classtype:trojan-activity;sid:84154596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.155.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291495/; classtype:trojan-activity;sid:84154595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.13.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291494/; classtype:trojan-activity;sid:84154594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.150.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291493/; classtype:trojan-activity;sid:84154593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.194.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291492/; classtype:trojan-activity;sid:84154592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.132.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291491/; classtype:trojan-activity;sid:84154591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.238.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291490/; classtype:trojan-activity;sid:84154590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291489/; classtype:trojan-activity;sid:84154589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.4.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291488/; classtype:trojan-activity;sid:84154588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.25.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291487/; classtype:trojan-activity;sid:84154587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.0.79.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291486/; classtype:trojan-activity;sid:84154586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.179.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291485/; classtype:trojan-activity;sid:84154585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.109.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291484/; classtype:trojan-activity;sid:84154584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.93.57.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291483/; classtype:trojan-activity;sid:84154583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.196.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291482/; classtype:trojan-activity;sid:84154582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.147.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291480/; classtype:trojan-activity;sid:84154580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.59.198"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291481/; classtype:trojan-activity;sid:84154581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.26.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291479/; classtype:trojan-activity;sid:84154579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.8.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291478/; classtype:trojan-activity;sid:84154578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.95.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291477/; classtype:trojan-activity;sid:84154577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.250.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291476/; classtype:trojan-activity;sid:84154576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.178.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291475/; classtype:trojan-activity;sid:84154575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.155.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291473/; classtype:trojan-activity;sid:84154573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.56.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291474/; classtype:trojan-activity;sid:84154574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.39.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291472/; classtype:trojan-activity;sid:84154572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.152.20.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291471/; classtype:trojan-activity;sid:84154571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.121.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291470/; classtype:trojan-activity;sid:84154570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.57.179.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291468/; classtype:trojan-activity;sid:84154568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.97.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291469/; classtype:trojan-activity;sid:84154569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.135.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291467/; classtype:trojan-activity;sid:84154567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.80.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291466/; classtype:trojan-activity;sid:84154566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291465/; classtype:trojan-activity;sid:84154565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.179.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291464/; classtype:trojan-activity;sid:84154564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.136.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291463/; classtype:trojan-activity;sid:84154563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.56.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291462/; classtype:trojan-activity;sid:84154562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.253.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291461/; classtype:trojan-activity;sid:84154561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.179.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291460/; classtype:trojan-activity;sid:84154560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.78.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291458/; classtype:trojan-activity;sid:84154558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.195.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291459/; classtype:trojan-activity;sid:84154559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.176.80.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291456/; classtype:trojan-activity;sid:84154556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.168.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291457/; classtype:trojan-activity;sid:84154557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.163.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291455/; classtype:trojan-activity;sid:84154555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.109.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291454/; classtype:trojan-activity;sid:84154554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.244.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291453/; classtype:trojan-activity;sid:84154553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.15.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291451/; classtype:trojan-activity;sid:84154551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.248.12.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291452/; classtype:trojan-activity;sid:84154552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.200.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291450/; classtype:trojan-activity;sid:84154550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.174.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291449/; classtype:trojan-activity;sid:84154549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.248.29.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291448/; classtype:trojan-activity;sid:84154548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.230.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291447/; classtype:trojan-activity;sid:84154547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291446)"; flow:established,from_client; content:"GET"; http_method; content:"/m3mastika/dockerfile/raw/refs/heads/main/xmrig"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291446/; classtype:trojan-activity;sid:84154546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.30.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291445/; classtype:trojan-activity;sid:84154545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291444)"; flow:established,from_client; content:"GET"; http_method; content:"/thebig/stories.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.113.115.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291444/; classtype:trojan-activity;sid:84154544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.182.163.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291443/; classtype:trojan-activity;sid:84154543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.16.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291442/; classtype:trojan-activity;sid:84154542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.251.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291440/; classtype:trojan-activity;sid:84154540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291441/; classtype:trojan-activity;sid:84154541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.95.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291439/; classtype:trojan-activity;sid:84154539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.196.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291437/; classtype:trojan-activity;sid:84154537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.114.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291438/; classtype:trojan-activity;sid:84154538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291436/; classtype:trojan-activity;sid:84154536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.194.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291435/; classtype:trojan-activity;sid:84154535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.239.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291434/; classtype:trojan-activity;sid:84154534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.15.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291433/; classtype:trojan-activity;sid:84154533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.138.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291432/; classtype:trojan-activity;sid:84154532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.65.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291429/; classtype:trojan-activity;sid:84154529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.230.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291430/; classtype:trojan-activity;sid:84154530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.5.194"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291431/; classtype:trojan-activity;sid:84154531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.32.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291428/; classtype:trojan-activity;sid:84154528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291427/; classtype:trojan-activity;sid:84154527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.9.100.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291425/; classtype:trojan-activity;sid:84154525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.53.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291426/; classtype:trojan-activity;sid:84154526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.4.86.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291424/; classtype:trojan-activity;sid:84154524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.25.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291421/; classtype:trojan-activity;sid:84154521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291422/; classtype:trojan-activity;sid:84154522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291423/; classtype:trojan-activity;sid:84154523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.182.163.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291420/; classtype:trojan-activity;sid:84154520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.141.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291419/; classtype:trojan-activity;sid:84154519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.225.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291418/; classtype:trojan-activity;sid:84154518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.26.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291417/; classtype:trojan-activity;sid:84154517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291416/; classtype:trojan-activity;sid:84154516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.140.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291415/; classtype:trojan-activity;sid:84154515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.253.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291414/; classtype:trojan-activity;sid:84154514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.239.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291413/; classtype:trojan-activity;sid:84154513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.251.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291412/; classtype:trojan-activity;sid:84154512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.184.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291411/; classtype:trojan-activity;sid:84154511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.90.3.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291409/; classtype:trojan-activity;sid:84154509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291410/; classtype:trojan-activity;sid:84154510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.215.0.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291408/; classtype:trojan-activity;sid:84154508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.194.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291407/; classtype:trojan-activity;sid:84154507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.165.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291406/; classtype:trojan-activity;sid:84154506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291405/; classtype:trojan-activity;sid:84154505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.30.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291404/; classtype:trojan-activity;sid:84154504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291403/; classtype:trojan-activity;sid:84154503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.63.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291402/; classtype:trojan-activity;sid:84154502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.245.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291401/; classtype:trojan-activity;sid:84154501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.95.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291400/; classtype:trojan-activity;sid:84154500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.32.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291399/; classtype:trojan-activity;sid:84154499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.65.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291398/; classtype:trojan-activity;sid:84154498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.26.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291397/; classtype:trojan-activity;sid:84154497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.138.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291396/; classtype:trojan-activity;sid:84154496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.6.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291395/; classtype:trojan-activity;sid:84154495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291393)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bcf9zlfw0c7jnocdv2fyw3vza2vt9g8wcy"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291393/; classtype:trojan-activity;sid:84154493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291394)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/j3xqi6aixrpgdpe2i0l0xm2gfdfwmlgt61"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291394/; classtype:trojan-activity;sid:84154494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291380)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nhbisdjr87nm9vwnihw7lgclq0kapum309"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291380/; classtype:trojan-activity;sid:84154480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291381)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/izugwyie7hqq6eh2vmwjv2prbcolowytmk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291381/; classtype:trojan-activity;sid:84154481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291382)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/aeihwiwzxaxbdfidxqegvd3y3nmujuexlj"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291382/; classtype:trojan-activity;sid:84154482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291383)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cpyrmlwdb8jamkjfzpneizlpme9lg8hsay"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291383/; classtype:trojan-activity;sid:84154483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291384)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ok6pmk0sm1iaqjuhx0j3fsoiz6rvm4hqhp"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291384/; classtype:trojan-activity;sid:84154484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291385)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/shxv2xaiwh4vupcuctvojadfixsmqrnmwa"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291385/; classtype:trojan-activity;sid:84154485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291386)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/2fzfgtgxopwziwpnf9kulkb5vxsewvmlw1"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291386/; classtype:trojan-activity;sid:84154486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291387)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/j5dx2mqsxmkzg06bocsxaq9hagwo6iohgs"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291387/; classtype:trojan-activity;sid:84154487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291388)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/fyaodlfeic75t03xhqkvzrtxs76xgddov4"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291388/; classtype:trojan-activity;sid:84154488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291389)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/noh6gfpdweg0ryaypykkogwawpt17scxqy"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291389/; classtype:trojan-activity;sid:84154489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291390)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hjacox0jdy6jlwyurghzxpuklqmfel7nnd"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291390/; classtype:trojan-activity;sid:84154490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291391)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k86m"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291391/; classtype:trojan-activity;sid:84154491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291392)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vlanx3jqi5shlxw9idsvwmfdb1xagkpm5o"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291392/; classtype:trojan-activity;sid:84154492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.169.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291379/; classtype:trojan-activity;sid:84154479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.103.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291377/; classtype:trojan-activity;sid:84154477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.238.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291378/; classtype:trojan-activity;sid:84154478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.223.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291376/; classtype:trojan-activity;sid:84154476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291375/; classtype:trojan-activity;sid:84154475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291373)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/shxv2xaiwh4vupcuctvojadfixsmqrnmwa"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291373/; classtype:trojan-activity;sid:84154473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291374)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nhbisdjr87nm9vwnihw7lgclq0kapum309"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291374/; classtype:trojan-activity;sid:84154474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291372/; classtype:trojan-activity;sid:84154472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291371)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hjacox0jdy6jlwyurghzxpuklqmfel7nnd"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291371/; classtype:trojan-activity;sid:84154471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291363)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/aeihwiwzxaxbdfidxqegvd3y3nmujuexlj"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291363/; classtype:trojan-activity;sid:84154463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291364)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cpyrmlwdb8jamkjfzpneizlpme9lg8hsay"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291364/; classtype:trojan-activity;sid:84154464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291365)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/j3xqi6aixrpgdpe2i0l0xm2gfdfwmlgt61"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291365/; classtype:trojan-activity;sid:84154465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291366)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bcf9zlfw0c7jnocdv2fyw3vza2vt9g8wcy"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291366/; classtype:trojan-activity;sid:84154466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291367)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/izugwyie7hqq6eh2vmwjv2prbcolowytmk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291367/; classtype:trojan-activity;sid:84154467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291368)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ok6pmk0sm1iaqjuhx0j3fsoiz6rvm4hqhp"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291368/; classtype:trojan-activity;sid:84154468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291369)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/fyaodlfeic75t03xhqkvzrtxs76xgddov4"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291369/; classtype:trojan-activity;sid:84154469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291370)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vlanx3jqi5shlxw9idsvwmfdb1xagkpm5o"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291370/; classtype:trojan-activity;sid:84154470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.234.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291359/; classtype:trojan-activity;sid:84154459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291360)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/noh6gfpdweg0ryaypykkogwawpt17scxqy"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291360/; classtype:trojan-activity;sid:84154460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291361)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/2fzfgtgxopwziwpnf9kulkb5vxsewvmlw1"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291361/; classtype:trojan-activity;sid:84154461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291362)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/j5dx2mqsxmkzg06bocsxaq9hagwo6iohgs"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291362/; classtype:trojan-activity;sid:84154462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.56.204.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291357/; classtype:trojan-activity;sid:84154457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.215.0.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291356/; classtype:trojan-activity;sid:84154456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.178.35.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291354/; classtype:trojan-activity;sid:84154454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.159.34.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291355/; classtype:trojan-activity;sid:84154455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.86.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291353/; classtype:trojan-activity;sid:84154453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.178.141.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291352/; classtype:trojan-activity;sid:84154452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.90.3.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291351/; classtype:trojan-activity;sid:84154451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.196.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291350/; classtype:trojan-activity;sid:84154450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.245.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291349/; classtype:trojan-activity;sid:84154449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.55.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291347/; classtype:trojan-activity;sid:84154447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.10.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291348/; classtype:trojan-activity;sid:84154448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.92.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291346/; classtype:trojan-activity;sid:84154446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291345/; classtype:trojan-activity;sid:84154445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.228.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291344/; classtype:trojan-activity;sid:84154444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.223.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291343/; classtype:trojan-activity;sid:84154443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.248.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291342/; classtype:trojan-activity;sid:84154442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.244.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291341/; classtype:trojan-activity;sid:84154441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.103.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291340/; classtype:trojan-activity;sid:84154440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291339/; classtype:trojan-activity;sid:84154439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.159.34.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291338/; classtype:trojan-activity;sid:84154438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.105.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291337/; classtype:trojan-activity;sid:84154437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.22.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291336/; classtype:trojan-activity;sid:84154436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.91.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291335/; classtype:trojan-activity;sid:84154435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.175.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291334/; classtype:trojan-activity;sid:84154434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291333)"; flow:established,from_client; content:"GET"; http_method; content:"/hmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291333/; classtype:trojan-activity;sid:84154433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.178.141.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291332/; classtype:trojan-activity;sid:84154432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291328)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291328/; classtype:trojan-activity;sid:84154428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291329)"; flow:established,from_client; content:"GET"; http_method; content:"/vcc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291329/; classtype:trojan-activity;sid:84154429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291330)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291330/; classtype:trojan-activity;sid:84154430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291331)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291331/; classtype:trojan-activity;sid:84154431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291311)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291311/; classtype:trojan-activity;sid:84154411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291312)"; flow:established,from_client; content:"GET"; http_method; content:"/dv.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291312/; classtype:trojan-activity;sid:84154412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291313)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291313/; classtype:trojan-activity;sid:84154413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291314)"; flow:established,from_client; content:"GET"; http_method; content:"/hyb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291314/; classtype:trojan-activity;sid:84154414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291315)"; flow:established,from_client; content:"GET"; http_method; content:"/tpk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291315/; classtype:trojan-activity;sid:84154415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291316)"; flow:established,from_client; content:"GET"; http_method; content:"/cam"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291316/; classtype:trojan-activity;sid:84154416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291317)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291317/; classtype:trojan-activity;sid:84154417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291318)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291318/; classtype:trojan-activity;sid:84154418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291319)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291319/; classtype:trojan-activity;sid:84154419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291320)"; flow:established,from_client; content:"GET"; http_method; content:"/se.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291320/; classtype:trojan-activity;sid:84154420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291321)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291321/; classtype:trojan-activity;sid:84154421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291322)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291322/; classtype:trojan-activity;sid:84154422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291323)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291323/; classtype:trojan-activity;sid:84154423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291324)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291324/; classtype:trojan-activity;sid:84154424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291325)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291325/; classtype:trojan-activity;sid:84154425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291326)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291326/; classtype:trojan-activity;sid:84154426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291327)"; flow:established,from_client; content:"GET"; http_method; content:"/boa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291327/; classtype:trojan-activity;sid:84154427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.125.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291310/; classtype:trojan-activity;sid:84154410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.10.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291309/; classtype:trojan-activity;sid:84154409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.88.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291308/; classtype:trojan-activity;sid:84154408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.105.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291307/; classtype:trojan-activity;sid:84154407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.191.83.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291306/; classtype:trojan-activity;sid:84154406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.84.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291305/; classtype:trojan-activity;sid:84154405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.55.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291304/; classtype:trojan-activity;sid:84154404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.249.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291303/; classtype:trojan-activity;sid:84154403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.50.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291302/; classtype:trojan-activity;sid:84154402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.195.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291301/; classtype:trojan-activity;sid:84154401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.53.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291300/; classtype:trojan-activity;sid:84154400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.34.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291299/; classtype:trojan-activity;sid:84154399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.228.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291298/; classtype:trojan-activity;sid:84154398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291297/; classtype:trojan-activity;sid:84154397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.142.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291296/; classtype:trojan-activity;sid:84154396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.28.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291295/; classtype:trojan-activity;sid:84154395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.189.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291294/; classtype:trojan-activity;sid:84154394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291291)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mijpostontvangen.nl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291291/; classtype:trojan-activity;sid:84154391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291292)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mijpostontvangen.nl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291292/; classtype:trojan-activity;sid:84154392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291293)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mijpostontvangen.nl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291293/; classtype:trojan-activity;sid:84154393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291283)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mijpostontvangen.nl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291283/; classtype:trojan-activity;sid:84154383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291284)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mijpostontvangen.nl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291284/; classtype:trojan-activity;sid:84154384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291285)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mijpostontvangen.nl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291285/; classtype:trojan-activity;sid:84154385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291286)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mijpostontvangen.nl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291286/; classtype:trojan-activity;sid:84154386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291287)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mijpostontvangen.nl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291287/; classtype:trojan-activity;sid:84154387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291288)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mijpostontvangen.nl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291288/; classtype:trojan-activity;sid:84154388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291289)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mijpostontvangen.nl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291289/; classtype:trojan-activity;sid:84154389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291290)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mijpostontvangen.nl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291290/; classtype:trojan-activity;sid:84154390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291282/; classtype:trojan-activity;sid:84154382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.84.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291281/; classtype:trojan-activity;sid:84154381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291280/; classtype:trojan-activity;sid:84154380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.95.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291279/; classtype:trojan-activity;sid:84154379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.28.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291278/; classtype:trojan-activity;sid:84154378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291271)"; flow:established,from_client; content:"GET"; http_method; content:"/phi.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291271/; classtype:trojan-activity;sid:84154371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291272)"; flow:established,from_client; content:"GET"; http_method; content:"/wop"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291272/; classtype:trojan-activity;sid:84154372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291273)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291273/; classtype:trojan-activity;sid:84154373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291274)"; flow:established,from_client; content:"GET"; http_method; content:"/wert"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291274/; classtype:trojan-activity;sid:84154374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291275)"; flow:established,from_client; content:"GET"; http_method; content:"/n3881.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291275/; classtype:trojan-activity;sid:84154375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291276)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291276/; classtype:trojan-activity;sid:84154376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291277)"; flow:established,from_client; content:"GET"; http_method; content:"/ah"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291277/; classtype:trojan-activity;sid:84154377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291264)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291264/; classtype:trojan-activity;sid:84154364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291265)"; flow:established,from_client; content:"GET"; http_method; content:"/pdvr"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291265/; classtype:trojan-activity;sid:84154365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291266)"; flow:established,from_client; content:"GET"; http_method; content:"/zxc.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291266/; classtype:trojan-activity;sid:84154366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291267)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291267/; classtype:trojan-activity;sid:84154367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291268)"; flow:established,from_client; content:"GET"; http_method; content:"/buf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291268/; classtype:trojan-activity;sid:84154368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291269)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291269/; classtype:trojan-activity;sid:84154369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291270)"; flow:established,from_client; content:"GET"; http_method; content:"/chomp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291270/; classtype:trojan-activity;sid:84154370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291263)"; flow:established,from_client; content:"GET"; http_method; content:"/n"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291263/; classtype:trojan-activity;sid:84154363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291261)"; flow:established,from_client; content:"GET"; http_method; content:"/ftpget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291261/; classtype:trojan-activity;sid:84154361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291262)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291262/; classtype:trojan-activity;sid:84154362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.178.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291260/; classtype:trojan-activity;sid:84154360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.64.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291259/; classtype:trojan-activity;sid:84154359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291258)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291258/; classtype:trojan-activity;sid:84154358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291254)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291254/; classtype:trojan-activity;sid:84154354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291255)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291255/; classtype:trojan-activity;sid:84154355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291256)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291256/; classtype:trojan-activity;sid:84154356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291257)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291257/; classtype:trojan-activity;sid:84154357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291253)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291253/; classtype:trojan-activity;sid:84154353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291252)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291252/; classtype:trojan-activity;sid:84154352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291248)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291248/; classtype:trojan-activity;sid:84154348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291249)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291249/; classtype:trojan-activity;sid:84154349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291250)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291250/; classtype:trojan-activity;sid:84154350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291251)"; flow:established,from_client; content:"GET"; http_method; content:"/splm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291251/; classtype:trojan-activity;sid:84154351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291240)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291240/; classtype:trojan-activity;sid:84154340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291241)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291241/; classtype:trojan-activity;sid:84154341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291242)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291242/; classtype:trojan-activity;sid:84154342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291243)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291243/; classtype:trojan-activity;sid:84154343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291244)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291244/; classtype:trojan-activity;sid:84154344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291245)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291245/; classtype:trojan-activity;sid:84154345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291246)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291246/; classtype:trojan-activity;sid:84154346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291247)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291247/; classtype:trojan-activity;sid:84154347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.185.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291228/; classtype:trojan-activity;sid:84154328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.88.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291227/; classtype:trojan-activity;sid:84154327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291226)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"159.100.17.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291226/; classtype:trojan-activity;sid:84154326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.178.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291225/; classtype:trojan-activity;sid:84154325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291223)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.100.17.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291223/; classtype:trojan-activity;sid:84154323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291224)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.100.17.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291224/; classtype:trojan-activity;sid:84154324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.200.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291222/; classtype:trojan-activity;sid:84154322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291221)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291221/; classtype:trojan-activity;sid:84154321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291208)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291208/; classtype:trojan-activity;sid:84154308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291209)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291209/; classtype:trojan-activity;sid:84154309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291210)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291210/; classtype:trojan-activity;sid:84154310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291211)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291211/; classtype:trojan-activity;sid:84154311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291212)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291212/; classtype:trojan-activity;sid:84154312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291213)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291213/; classtype:trojan-activity;sid:84154313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291214)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291214/; classtype:trojan-activity;sid:84154314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291215)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291215/; classtype:trojan-activity;sid:84154315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291216)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291216/; classtype:trojan-activity;sid:84154316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291217)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291217/; classtype:trojan-activity;sid:84154317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291218)"; flow:established,from_client; content:"GET"; http_method; content:"/zeros6x.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291218/; classtype:trojan-activity;sid:84154318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291219)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291219/; classtype:trojan-activity;sid:84154319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291220)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291220/; classtype:trojan-activity;sid:84154320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.98.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291207/; classtype:trojan-activity;sid:84154307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.1.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291205/; classtype:trojan-activity;sid:84154305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.187.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291206/; classtype:trojan-activity;sid:84154306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.244.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291204/; classtype:trojan-activity;sid:84154304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291203/; classtype:trojan-activity;sid:84154303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.180.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291202/; classtype:trojan-activity;sid:84154302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.200.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291201/; classtype:trojan-activity;sid:84154301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.239.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291200/; classtype:trojan-activity;sid:84154300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.218.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291199/; classtype:trojan-activity;sid:84154299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291197/; classtype:trojan-activity;sid:84154297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.189.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291198/; classtype:trojan-activity;sid:84154298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.34.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291196/; classtype:trojan-activity;sid:84154296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.22.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291195/; classtype:trojan-activity;sid:84154295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.209.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291194/; classtype:trojan-activity;sid:84154294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.7.64"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291193/; classtype:trojan-activity;sid:84154293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.220.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291192/; classtype:trojan-activity;sid:84154292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291191/; classtype:trojan-activity;sid:84154291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.17.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291189/; classtype:trojan-activity;sid:84154289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.20.228.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291190/; classtype:trojan-activity;sid:84154290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.90.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291188/; classtype:trojan-activity;sid:84154288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.247.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291187/; classtype:trojan-activity;sid:84154287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.200.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291186/; classtype:trojan-activity;sid:84154286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.58.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291185/; classtype:trojan-activity;sid:84154285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.191.81.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291184/; classtype:trojan-activity;sid:84154284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.180.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291183/; classtype:trojan-activity;sid:84154283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.62.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291182/; classtype:trojan-activity;sid:84154282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.141.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291181/; classtype:trojan-activity;sid:84154281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.254.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291180/; classtype:trojan-activity;sid:84154280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.88.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291178/; classtype:trojan-activity;sid:84154278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.83.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291179/; classtype:trojan-activity;sid:84154279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.42.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291177/; classtype:trojan-activity;sid:84154277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.213.239.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291176/; classtype:trojan-activity;sid:84154276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.61.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291175/; classtype:trojan-activity;sid:84154275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.208.156.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291174/; classtype:trojan-activity;sid:84154274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.114.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291173/; classtype:trojan-activity;sid:84154273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.190.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291172/; classtype:trojan-activity;sid:84154272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.19.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291171/; classtype:trojan-activity;sid:84154271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291170/; classtype:trojan-activity;sid:84154270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.156.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291169/; classtype:trojan-activity;sid:84154269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.113.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291168/; classtype:trojan-activity;sid:84154268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.233.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291167/; classtype:trojan-activity;sid:84154267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.173.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291166/; classtype:trojan-activity;sid:84154266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291165/; classtype:trojan-activity;sid:84154265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.104.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291164/; classtype:trojan-activity;sid:84154264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.203.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291163/; classtype:trojan-activity;sid:84154263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.0.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291162/; classtype:trojan-activity;sid:84154262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.58.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291161/; classtype:trojan-activity;sid:84154261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.207.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291160/; classtype:trojan-activity;sid:84154260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.91.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291159/; classtype:trojan-activity;sid:84154259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.143.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291158/; classtype:trojan-activity;sid:84154258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291157/; classtype:trojan-activity;sid:84154257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.228.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291156/; classtype:trojan-activity;sid:84154256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.81.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291155/; classtype:trojan-activity;sid:84154255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291154/; classtype:trojan-activity;sid:84154254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.88.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291153/; classtype:trojan-activity;sid:84154253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.14.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291151/; classtype:trojan-activity;sid:84154251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.208.156.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291152/; classtype:trojan-activity;sid:84154252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291150)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.151.72.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291150/; classtype:trojan-activity;sid:84154250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.156.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291149/; classtype:trojan-activity;sid:84154249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.213.185.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291148/; classtype:trojan-activity;sid:84154248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.111.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291147/; classtype:trojan-activity;sid:84154247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.221.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291145/; classtype:trojan-activity;sid:84154245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.27.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291146/; classtype:trojan-activity;sid:84154246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.13.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291144/; classtype:trojan-activity;sid:84154244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.217.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291143/; classtype:trojan-activity;sid:84154243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.169.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291142/; classtype:trojan-activity;sid:84154242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.184.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291141/; classtype:trojan-activity;sid:84154241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.0.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291140/; classtype:trojan-activity;sid:84154240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.211.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291139/; classtype:trojan-activity;sid:84154239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291138/; classtype:trojan-activity;sid:84154238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.13.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291137/; classtype:trojan-activity;sid:84154237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.226.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291135/; classtype:trojan-activity;sid:84154235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.92.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291136/; classtype:trojan-activity;sid:84154236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.27.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291134/; classtype:trojan-activity;sid:84154234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.111.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291133/; classtype:trojan-activity;sid:84154233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.238.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291132/; classtype:trojan-activity;sid:84154232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.195.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291131/; classtype:trojan-activity;sid:84154231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.183.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291130/; classtype:trojan-activity;sid:84154230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.17.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291129/; classtype:trojan-activity;sid:84154229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.221.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291128/; classtype:trojan-activity;sid:84154228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.245.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291127/; classtype:trojan-activity;sid:84154227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.41.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291126/; classtype:trojan-activity;sid:84154226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.22.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291125/; classtype:trojan-activity;sid:84154225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.213.185.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291124/; classtype:trojan-activity;sid:84154224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.69.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291123/; classtype:trojan-activity;sid:84154223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291122)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"31.172.87.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291122/; classtype:trojan-activity;sid:84154222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291121)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"31.172.87.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291121/; classtype:trojan-activity;sid:84154221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291120)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291120/; classtype:trojan-activity;sid:84154220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291118)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"31.172.87.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291118/; classtype:trojan-activity;sid:84154218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291119)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291119/; classtype:trojan-activity;sid:84154219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291106)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"31.172.87.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291106/; classtype:trojan-activity;sid:84154206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291107)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291107/; classtype:trojan-activity;sid:84154207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291108)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"159.100.17.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291108/; classtype:trojan-activity;sid:84154208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291109)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291109/; classtype:trojan-activity;sid:84154209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291110)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291110/; classtype:trojan-activity;sid:84154210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291111)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291111/; classtype:trojan-activity;sid:84154211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291112)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291112/; classtype:trojan-activity;sid:84154212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291113)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291113/; classtype:trojan-activity;sid:84154213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291114)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291114/; classtype:trojan-activity;sid:84154214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291115)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291115/; classtype:trojan-activity;sid:84154215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291116)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291116/; classtype:trojan-activity;sid:84154216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291117)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"159.100.17.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291117/; classtype:trojan-activity;sid:84154217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291095)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291095/; classtype:trojan-activity;sid:84154195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291096)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.111.248.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291096/; classtype:trojan-activity;sid:84154196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291097)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291097/; classtype:trojan-activity;sid:84154197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291098)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31.172.87.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291098/; classtype:trojan-activity;sid:84154198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291099)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291099/; classtype:trojan-activity;sid:84154199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291100)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291100/; classtype:trojan-activity;sid:84154200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291101)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291101/; classtype:trojan-activity;sid:84154201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291102)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291102/; classtype:trojan-activity;sid:84154202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291103)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291103/; classtype:trojan-activity;sid:84154203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291104)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291104/; classtype:trojan-activity;sid:84154204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291105)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"31.172.87.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291105/; classtype:trojan-activity;sid:84154205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291082)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31.172.87.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291082/; classtype:trojan-activity;sid:84154182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291083)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291083/; classtype:trojan-activity;sid:84154183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291084)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291084/; classtype:trojan-activity;sid:84154184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291085)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291085/; classtype:trojan-activity;sid:84154185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291086)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"31.172.87.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291086/; classtype:trojan-activity;sid:84154186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291087)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291087/; classtype:trojan-activity;sid:84154187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291088)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291088/; classtype:trojan-activity;sid:84154188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291089)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.111.248.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291089/; classtype:trojan-activity;sid:84154189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291090)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.111.248.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291090/; classtype:trojan-activity;sid:84154190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291091)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291091/; classtype:trojan-activity;sid:84154191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291092)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291092/; classtype:trojan-activity;sid:84154192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291093)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"159.100.17.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291093/; classtype:trojan-activity;sid:84154193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291094)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291094/; classtype:trojan-activity;sid:84154194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291075)"; flow:established,from_client; content:"GET"; http_method; content:"/iarm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291075/; classtype:trojan-activity;sid:84154175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291076)"; flow:established,from_client; content:"GET"; http_method; content:"/impsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291076/; classtype:trojan-activity;sid:84154176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291077)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"159.100.17.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291077/; classtype:trojan-activity;sid:84154177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291078)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291078/; classtype:trojan-activity;sid:84154178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291079)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"159.100.17.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291079/; classtype:trojan-activity;sid:84154179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291080)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"159.100.17.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291080/; classtype:trojan-activity;sid:84154180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291081)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291081/; classtype:trojan-activity;sid:84154181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291071)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cf8qewhwdk8fcd3gsogb3qng5zqf9iae69"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291071/; classtype:trojan-activity;sid:84154171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291072)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291072/; classtype:trojan-activity;sid:84154172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291073)"; flow:established,from_client; content:"GET"; http_method; content:"/iarm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291073/; classtype:trojan-activity;sid:84154173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291074)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lt0vogridzxygkqztcjvnbsckhuod3zxth"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291074/; classtype:trojan-activity;sid:84154174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291067)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291067/; classtype:trojan-activity;sid:84154167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291068)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.111.248.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291068/; classtype:trojan-activity;sid:84154168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291069)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ffrvz09r2licqdxjaso1kmtkk8devvyaux"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291069/; classtype:trojan-activity;sid:84154169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291070)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.111.248.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291070/; classtype:trojan-activity;sid:84154170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291064)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"31.172.87.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291064/; classtype:trojan-activity;sid:84154164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291065)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/qpbdlm6aamw4xz12eod4n6qhmuh5nkgq8s"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291065/; classtype:trojan-activity;sid:84154165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291066)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.111.248.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291066/; classtype:trojan-activity;sid:84154166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291063)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291063/; classtype:trojan-activity;sid:84154163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291061)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.111.248.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291061/; classtype:trojan-activity;sid:84154161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291062)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291062/; classtype:trojan-activity;sid:84154162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291058)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.111.248.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291058/; classtype:trojan-activity;sid:84154158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291059)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.111.248.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291059/; classtype:trojan-activity;sid:84154159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291060)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/3d1uqc3dgvwjwjawnbq0z1plguvwmmlvi8"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291060/; classtype:trojan-activity;sid:84154160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291050)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"159.100.17.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291050/; classtype:trojan-activity;sid:84154150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291051)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dm82owjr2l0updpkn2bnmqe8vaqrcrhkae"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291051/; classtype:trojan-activity;sid:84154151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291052)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291052/; classtype:trojan-activity;sid:84154152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291053)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kf9nmxio9gac5yg9mcyk86dlind2zzfr7e"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291053/; classtype:trojan-activity;sid:84154153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291054)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/iaqe2zigerudcesq4jacnz68whqc87w68u"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291054/; classtype:trojan-activity;sid:84154154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291055)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"159.100.17.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291055/; classtype:trojan-activity;sid:84154155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lblwwho8u8skjn2upkoklllrr4zf1uvc4k"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291056/; classtype:trojan-activity;sid:84154156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291057)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291057/; classtype:trojan-activity;sid:84154157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291040)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291040/; classtype:trojan-activity;sid:84154140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291041)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31.172.87.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291041/; classtype:trojan-activity;sid:84154141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291042)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kqcf2qqd1h20ydcuuvmrfpz4rcrlkqcura"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291042/; classtype:trojan-activity;sid:84154142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291043)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291043/; classtype:trojan-activity;sid:84154143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291044)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291044/; classtype:trojan-activity;sid:84154144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291045)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"159.100.17.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291045/; classtype:trojan-activity;sid:84154145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291046)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"159.100.17.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291046/; classtype:trojan-activity;sid:84154146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291047)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"159.100.17.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291047/; classtype:trojan-activity;sid:84154147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291048)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31.172.87.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291048/; classtype:trojan-activity;sid:84154148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291049)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291049/; classtype:trojan-activity;sid:84154149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291017)"; flow:established,from_client; content:"GET"; http_method; content:"/iarm4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291017/; classtype:trojan-activity;sid:84154117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291018)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291018/; classtype:trojan-activity;sid:84154118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291019)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291019/; classtype:trojan-activity;sid:84154119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291020)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291020/; classtype:trojan-activity;sid:84154120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291021)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291021/; classtype:trojan-activity;sid:84154121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291022)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291022/; classtype:trojan-activity;sid:84154122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291023)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291023/; classtype:trojan-activity;sid:84154123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291024)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291024/; classtype:trojan-activity;sid:84154124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291025)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"31.172.87.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291025/; classtype:trojan-activity;sid:84154125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291026)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291026/; classtype:trojan-activity;sid:84154126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291027)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291027/; classtype:trojan-activity;sid:84154127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291028)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291028/; classtype:trojan-activity;sid:84154128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291029)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291029/; classtype:trojan-activity;sid:84154129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291030)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291030/; classtype:trojan-activity;sid:84154130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291031)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291031/; classtype:trojan-activity;sid:84154131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291032)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.216.16.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291032/; classtype:trojan-activity;sid:84154132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291033)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291033/; classtype:trojan-activity;sid:84154133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291034)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291034/; classtype:trojan-activity;sid:84154134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291035)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291035/; classtype:trojan-activity;sid:84154135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291036)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291036/; classtype:trojan-activity;sid:84154136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291037)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291037/; classtype:trojan-activity;sid:84154137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291038)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291038/; classtype:trojan-activity;sid:84154138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291039)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291039/; classtype:trojan-activity;sid:84154139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291015)"; flow:established,from_client; content:"GET"; http_method; content:"/ix86_64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291015/; classtype:trojan-activity;sid:84154115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291016)"; flow:established,from_client; content:"GET"; http_method; content:"/imips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291016/; classtype:trojan-activity;sid:84154116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291014)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/8plvnyqmlpnyak9kttpf8qmjbyokfiahkb"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291014/; classtype:trojan-activity;sid:84154114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291013)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.111.248.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291013/; classtype:trojan-activity;sid:84154113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291012)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.111.248.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291012/; classtype:trojan-activity;sid:84154112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291011)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/8frkb3xkdjhtachkesnr5fb4df8kbhwshy"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291011/; classtype:trojan-activity;sid:84154111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291010)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xqyn5bk5myooq62wwzw5ka5dqaemarlllq"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291010/; classtype:trojan-activity;sid:84154110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291009)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/fsa0simcewmpcaoir9ks9optg5xktlmu6e"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291009/; classtype:trojan-activity;sid:84154109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.226.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291008/; classtype:trojan-activity;sid:84154108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.233.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291007/; classtype:trojan-activity;sid:84154107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.41.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291006/; classtype:trojan-activity;sid:84154106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.13.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291005/; classtype:trojan-activity;sid:84154105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.244.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291004/; classtype:trojan-activity;sid:84154104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.242.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291003/; classtype:trojan-activity;sid:84154103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.17.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291002/; classtype:trojan-activity;sid:84154102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291001/; classtype:trojan-activity;sid:84154101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.223.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291000/; classtype:trojan-activity;sid:84154100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.245.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290999/; classtype:trojan-activity;sid:84154099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.184.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290998/; classtype:trojan-activity;sid:84154098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.248.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290997/; classtype:trojan-activity;sid:84154097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.42.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290996/; classtype:trojan-activity;sid:84154096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.236.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290995/; classtype:trojan-activity;sid:84154095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.204.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290994/; classtype:trojan-activity;sid:84154094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290993)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ppzdn.events.socalpocis.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290993/; classtype:trojan-activity;sid:84154093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.148.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290992/; classtype:trojan-activity;sid:84154092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.224.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290991/; classtype:trojan-activity;sid:84154091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.178.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290990/; classtype:trojan-activity;sid:84154090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.29.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290989/; classtype:trojan-activity;sid:84154089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.241.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290988/; classtype:trojan-activity;sid:84154088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.25.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290987/; classtype:trojan-activity;sid:84154087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290986/; classtype:trojan-activity;sid:84154086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290985/; classtype:trojan-activity;sid:84154085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.241.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290984/; classtype:trojan-activity;sid:84154084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.253.170.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290983/; classtype:trojan-activity;sid:84154083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.240.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290982/; classtype:trojan-activity;sid:84154082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.224.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290981/; classtype:trojan-activity;sid:84154081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.144.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290980/; classtype:trojan-activity;sid:84154080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.253.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290979/; classtype:trojan-activity;sid:84154079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.165.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290978/; classtype:trojan-activity;sid:84154078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.10.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290977/; classtype:trojan-activity;sid:84154077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.177.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290976/; classtype:trojan-activity;sid:84154076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.241.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290975/; classtype:trojan-activity;sid:84154075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.177.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290974/; classtype:trojan-activity;sid:84154074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.163.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290973/; classtype:trojan-activity;sid:84154073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290972)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"leadbase.cloud"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290972/; classtype:trojan-activity;sid:84154072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.93.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290971/; classtype:trojan-activity;sid:84154071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.209.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290970/; classtype:trojan-activity;sid:84154070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.103.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290969/; classtype:trojan-activity;sid:84154069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.226.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290968/; classtype:trojan-activity;sid:84154068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.53.219"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290967/; classtype:trojan-activity;sid:84154067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.135.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290965/; classtype:trojan-activity;sid:84154065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.188.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290966/; classtype:trojan-activity;sid:84154066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.201.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290964/; classtype:trojan-activity;sid:84154064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.81.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290963/; classtype:trojan-activity;sid:84154063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290962/; classtype:trojan-activity;sid:84154062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.165.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290961/; classtype:trojan-activity;sid:84154061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.102.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290959/; classtype:trojan-activity;sid:84154059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.144.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290960/; classtype:trojan-activity;sid:84154060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.29.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290958/; classtype:trojan-activity;sid:84154058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290957)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.178.12.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290957/; classtype:trojan-activity;sid:84154057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.251.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290954/; classtype:trojan-activity;sid:84154054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.42.127.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290955/; classtype:trojan-activity;sid:84154055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.42.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290956/; classtype:trojan-activity;sid:84154056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.163.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290953/; classtype:trojan-activity;sid:84154053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.226.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290952/; classtype:trojan-activity;sid:84154052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.166.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290951/; classtype:trojan-activity;sid:84154051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.247.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290950/; classtype:trojan-activity;sid:84154050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.53.219"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290949/; classtype:trojan-activity;sid:84154049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.201.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290948/; classtype:trojan-activity;sid:84154048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.202.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290947/; classtype:trojan-activity;sid:84154047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.185.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290946/; classtype:trojan-activity;sid:84154046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.22.123.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290945/; classtype:trojan-activity;sid:84154045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290943/; classtype:trojan-activity;sid:84154043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.163.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290944/; classtype:trojan-activity;sid:84154044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.102.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290942/; classtype:trojan-activity;sid:84154042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.197.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290941/; classtype:trojan-activity;sid:84154041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.185.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290940/; classtype:trojan-activity;sid:84154040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.72.210.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290939/; classtype:trojan-activity;sid:84154039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.207.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290938/; classtype:trojan-activity;sid:84154038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.29.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290937/; classtype:trojan-activity;sid:84154037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.81.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290936/; classtype:trojan-activity;sid:84154036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.224.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290934/; classtype:trojan-activity;sid:84154034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.214.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290935/; classtype:trojan-activity;sid:84154035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.100.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290933/; classtype:trojan-activity;sid:84154033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.100.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290932/; classtype:trojan-activity;sid:84154032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.202.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290930/; classtype:trojan-activity;sid:84154030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.174.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290931/; classtype:trojan-activity;sid:84154031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290929/; classtype:trojan-activity;sid:84154029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.28.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290928/; classtype:trojan-activity;sid:84154028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.218.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290927/; classtype:trojan-activity;sid:84154027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.185.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290926/; classtype:trojan-activity;sid:84154026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.214.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290925/; classtype:trojan-activity;sid:84154025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.207.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290923/; classtype:trojan-activity;sid:84154023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.197.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290924/; classtype:trojan-activity;sid:84154024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290922/; classtype:trojan-activity;sid:84154022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.8.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290921/; classtype:trojan-activity;sid:84154021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.24.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290920/; classtype:trojan-activity;sid:84154020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.176.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290918/; classtype:trojan-activity;sid:84154018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.88.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290919/; classtype:trojan-activity;sid:84154019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.4.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290917/; classtype:trojan-activity;sid:84154017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.81.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290916/; classtype:trojan-activity;sid:84154016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.176.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290915/; classtype:trojan-activity;sid:84154015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.8.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290914/; classtype:trojan-activity;sid:84154014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.224.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290913/; classtype:trojan-activity;sid:84154013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.26.81.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290912/; classtype:trojan-activity;sid:84154012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.24.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290911/; classtype:trojan-activity;sid:84154011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.100.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290910/; classtype:trojan-activity;sid:84154010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.250.127.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290909/; classtype:trojan-activity;sid:84154009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.183.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290908/; classtype:trojan-activity;sid:84154008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.118.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290907/; classtype:trojan-activity;sid:84154007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.218.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290906/; classtype:trojan-activity;sid:84154006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.229.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290905/; classtype:trojan-activity;sid:84154005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.67.84.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290904/; classtype:trojan-activity;sid:84154004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.88.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290903/; classtype:trojan-activity;sid:84154003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.75.180.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290902/; classtype:trojan-activity;sid:84154002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.88.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290900/; classtype:trojan-activity;sid:84154000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.75.180.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290901/; classtype:trojan-activity;sid:84154001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"198.2.88.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290899/; classtype:trojan-activity;sid:84153999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.4.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290898/; classtype:trojan-activity;sid:84153998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.10.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290897/; classtype:trojan-activity;sid:84153997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.45.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290896/; classtype:trojan-activity;sid:84153996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.154.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290895/; classtype:trojan-activity;sid:84153995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.118.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290894/; classtype:trojan-activity;sid:84153994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.102.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290893/; classtype:trojan-activity;sid:84153993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.236.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290892/; classtype:trojan-activity;sid:84153992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.2.88.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290891/; classtype:trojan-activity;sid:84153991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.122.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290890/; classtype:trojan-activity;sid:84153990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.72.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290889/; classtype:trojan-activity;sid:84153989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.118.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290888/; classtype:trojan-activity;sid:84153988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290887/; classtype:trojan-activity;sid:84153987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.119.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290886/; classtype:trojan-activity;sid:84153986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.248.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290884/; classtype:trojan-activity;sid:84153984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290885/; classtype:trojan-activity;sid:84153985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.88.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290883/; classtype:trojan-activity;sid:84153983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.224.28.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290882/; classtype:trojan-activity;sid:84153982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.237.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290881/; classtype:trojan-activity;sid:84153981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.237.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290880/; classtype:trojan-activity;sid:84153980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.118.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290879/; classtype:trojan-activity;sid:84153979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.201.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290878/; classtype:trojan-activity;sid:84153978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290877/; classtype:trojan-activity;sid:84153977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.40.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290876/; classtype:trojan-activity;sid:84153976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.121.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290874/; classtype:trojan-activity;sid:84153974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290875/; classtype:trojan-activity;sid:84153975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.248.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290873/; classtype:trojan-activity;sid:84153973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.86.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290872/; classtype:trojan-activity;sid:84153972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.122.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290871/; classtype:trojan-activity;sid:84153971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.122.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290870/; classtype:trojan-activity;sid:84153970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.121.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290869/; classtype:trojan-activity;sid:84153969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.4.224.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290868/; classtype:trojan-activity;sid:84153968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.220.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290867/; classtype:trojan-activity;sid:84153967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.209.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290866/; classtype:trojan-activity;sid:84153966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290865/; classtype:trojan-activity;sid:84153965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290864)"; flow:established,from_client; content:"GET"; http_method; content:"/bitur/kambik.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mubjahuke.b-cdn.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290864/; classtype:trojan-activity;sid:84153964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.85.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290863/; classtype:trojan-activity;sid:84153963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.148.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290862/; classtype:trojan-activity;sid:84153962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.237.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290861/; classtype:trojan-activity;sid:84153961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.114.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290860/; classtype:trojan-activity;sid:84153960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.4.120"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290859/; classtype:trojan-activity;sid:84153959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.158.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290858/; classtype:trojan-activity;sid:84153958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.204.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290857/; classtype:trojan-activity;sid:84153957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.239.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290856/; classtype:trojan-activity;sid:84153956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.97.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290854/; classtype:trojan-activity;sid:84153954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.8.28.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290855/; classtype:trojan-activity;sid:84153955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.15.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290853/; classtype:trojan-activity;sid:84153953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290852)"; flow:established,from_client; content:"GET"; http_method; content:"/api/uz/0912545164/wharf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cdn-defac18.studyzone-investmentguru.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290852/; classtype:trojan-activity;sid:84153952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.251.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290851/; classtype:trojan-activity;sid:84153951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290849/; classtype:trojan-activity;sid:84153949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.76.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290850/; classtype:trojan-activity;sid:84153950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290848)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdn3/agreement%20for%20youtube%20cooperation.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"download.document-sharing.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290848/; classtype:trojan-activity;sid:84153948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.245.4.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290847/; classtype:trojan-activity;sid:84153947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290846)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290846/; classtype:trojan-activity;sid:84153946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290845)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290845/; classtype:trojan-activity;sid:84153945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.186.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290844/; classtype:trojan-activity;sid:84153944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290840)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290840/; classtype:trojan-activity;sid:84153940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290841)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290841/; classtype:trojan-activity;sid:84153941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290842)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290842/; classtype:trojan-activity;sid:84153942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290843)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290843/; classtype:trojan-activity;sid:84153943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290839)"; flow:established,from_client; content:"GET"; http_method; content:"/hik.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"byte-main-cnc.n-e.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290839/; classtype:trojan-activity;sid:84153939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290822)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290822/; classtype:trojan-activity;sid:84153922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290823)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290823/; classtype:trojan-activity;sid:84153923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290824)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290824/; classtype:trojan-activity;sid:84153924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290825)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290825/; classtype:trojan-activity;sid:84153925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290826)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290826/; classtype:trojan-activity;sid:84153926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290827)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290827/; classtype:trojan-activity;sid:84153927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290828)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290828/; classtype:trojan-activity;sid:84153928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290829)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290829/; classtype:trojan-activity;sid:84153929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290830)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290830/; classtype:trojan-activity;sid:84153930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290831)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290831/; classtype:trojan-activity;sid:84153931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290832)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290832/; classtype:trojan-activity;sid:84153932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290833)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290833/; classtype:trojan-activity;sid:84153933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290834/; classtype:trojan-activity;sid:84153934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290835)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290835/; classtype:trojan-activity;sid:84153935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.154.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290836/; classtype:trojan-activity;sid:84153936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290837/; classtype:trojan-activity;sid:84153937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290838)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290838/; classtype:trojan-activity;sid:84153938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290821)"; flow:established,from_client; content:"GET"; http_method; content:"/hik.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.216.18.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290821/; classtype:trojan-activity;sid:84153921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290820/; classtype:trojan-activity;sid:84153920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.40.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290819/; classtype:trojan-activity;sid:84153919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.85.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290818/; classtype:trojan-activity;sid:84153918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.76.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290816/; classtype:trojan-activity;sid:84153916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.57.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290817/; classtype:trojan-activity;sid:84153917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290815/; classtype:trojan-activity;sid:84153915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.134.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290814/; classtype:trojan-activity;sid:84153914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.127.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290813/; classtype:trojan-activity;sid:84153913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.197.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290812/; classtype:trojan-activity;sid:84153912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.158.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290811/; classtype:trojan-activity;sid:84153911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290809)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290809/; classtype:trojan-activity;sid:84153909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290810)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290810/; classtype:trojan-activity;sid:84153910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.237.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290808/; classtype:trojan-activity;sid:84153908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290807)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290807/; classtype:trojan-activity;sid:84153907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290781)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290781/; classtype:trojan-activity;sid:84153881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290782)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290782/; classtype:trojan-activity;sid:84153882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290783)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290783/; classtype:trojan-activity;sid:84153883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290784)"; flow:established,from_client; content:"GET"; http_method; content:"/u"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290784/; classtype:trojan-activity;sid:84153884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290785)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i686"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290785/; classtype:trojan-activity;sid:84153885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290786)"; flow:established,from_client; content:"GET"; http_method; content:"/z"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290786/; classtype:trojan-activity;sid:84153886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290787)"; flow:established,from_client; content:"GET"; http_method; content:"/c1.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290787/; classtype:trojan-activity;sid:84153887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290788)"; flow:established,from_client; content:"GET"; http_method; content:"/c1"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290788/; classtype:trojan-activity;sid:84153888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290789)"; flow:established,from_client; content:"GET"; http_method; content:"/h"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290789/; classtype:trojan-activity;sid:84153889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290790)"; flow:established,from_client; content:"GET"; http_method; content:"/yak.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290790/; classtype:trojan-activity;sid:84153890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290791)"; flow:established,from_client; content:"GET"; http_method; content:"/e"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290791/; classtype:trojan-activity;sid:84153891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290792/; classtype:trojan-activity;sid:84153892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290793)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290793/; classtype:trojan-activity;sid:84153893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290794)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.arm4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290794/; classtype:trojan-activity;sid:84153894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290795)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290795/; classtype:trojan-activity;sid:84153895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290796)"; flow:established,from_client; content:"GET"; http_method; content:"/get.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290796/; classtype:trojan-activity;sid:84153896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290797)"; flow:established,from_client; content:"GET"; http_method; content:"/76d32be0.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290797/; classtype:trojan-activity;sid:84153897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290798)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290798/; classtype:trojan-activity;sid:84153898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290799)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290799/; classtype:trojan-activity;sid:84153899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290800)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290800/; classtype:trojan-activity;sid:84153900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290801)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290801/; classtype:trojan-activity;sid:84153901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290802)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290802/; classtype:trojan-activity;sid:84153902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290803)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290803/; classtype:trojan-activity;sid:84153903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290804)"; flow:established,from_client; content:"GET"; http_method; content:"/v"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290804/; classtype:trojan-activity;sid:84153904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290805)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290805/; classtype:trojan-activity;sid:84153905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290806)"; flow:established,from_client; content:"GET"; http_method; content:"/splash.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290806/; classtype:trojan-activity;sid:84153906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290780)"; flow:established,from_client; content:"GET"; http_method; content:"/necr0.py"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290780/; classtype:trojan-activity;sid:84153880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290779)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290779/; classtype:trojan-activity;sid:84153879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290770)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290770/; classtype:trojan-activity;sid:84153870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290771)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290771/; classtype:trojan-activity;sid:84153871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290772)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290772/; classtype:trojan-activity;sid:84153872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290773)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290773/; classtype:trojan-activity;sid:84153873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290774)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290774/; classtype:trojan-activity;sid:84153874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290775)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290775/; classtype:trojan-activity;sid:84153875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290776)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290776/; classtype:trojan-activity;sid:84153876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290777)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290777/; classtype:trojan-activity;sid:84153877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290778)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.i686"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290778/; classtype:trojan-activity;sid:84153878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290767)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.sparc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290767/; classtype:trojan-activity;sid:84153867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290768)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290768/; classtype:trojan-activity;sid:84153868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290769)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290769/; classtype:trojan-activity;sid:84153869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290749)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290749/; classtype:trojan-activity;sid:84153849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290750)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290750/; classtype:trojan-activity;sid:84153850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290751)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290751/; classtype:trojan-activity;sid:84153851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290752)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.mipsel"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290752/; classtype:trojan-activity;sid:84153852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290753)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290753/; classtype:trojan-activity;sid:84153853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290754)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290754/; classtype:trojan-activity;sid:84153854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290755)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290755/; classtype:trojan-activity;sid:84153855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290756)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290756/; classtype:trojan-activity;sid:84153856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290757)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290757/; classtype:trojan-activity;sid:84153857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290758)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290758/; classtype:trojan-activity;sid:84153858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290759)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290759/; classtype:trojan-activity;sid:84153859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290760)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290760/; classtype:trojan-activity;sid:84153860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290761)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.i586"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290761/; classtype:trojan-activity;sid:84153861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290762)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290762/; classtype:trojan-activity;sid:84153862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290763)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290763/; classtype:trojan-activity;sid:84153863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290764)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290764/; classtype:trojan-activity;sid:84153864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290765)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.i586"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290765/; classtype:trojan-activity;sid:84153865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290766)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290766/; classtype:trojan-activity;sid:84153866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290739)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290739/; classtype:trojan-activity;sid:84153839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290740)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290740/; classtype:trojan-activity;sid:84153840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290741)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290741/; classtype:trojan-activity;sid:84153841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290742)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290742/; classtype:trojan-activity;sid:84153842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290743)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290743/; classtype:trojan-activity;sid:84153843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290744)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290744/; classtype:trojan-activity;sid:84153844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290745)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290745/; classtype:trojan-activity;sid:84153845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290746)"; flow:established,from_client; content:"GET"; http_method; content:"/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290746/; classtype:trojan-activity;sid:84153846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290747)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290747/; classtype:trojan-activity;sid:84153847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290748)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290748/; classtype:trojan-activity;sid:84153848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290730)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290730/; classtype:trojan-activity;sid:84153830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290731)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290731/; classtype:trojan-activity;sid:84153831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290732)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290732/; classtype:trojan-activity;sid:84153832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290733)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290733/; classtype:trojan-activity;sid:84153833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290734)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.sparc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290734/; classtype:trojan-activity;sid:84153834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290735)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290735/; classtype:trojan-activity;sid:84153835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290736)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290736/; classtype:trojan-activity;sid:84153836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290737)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290737/; classtype:trojan-activity;sid:84153837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290738)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290738/; classtype:trojan-activity;sid:84153838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.245.4.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290729/; classtype:trojan-activity;sid:84153829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.177.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290728/; classtype:trojan-activity;sid:84153828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.97.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290727/; classtype:trojan-activity;sid:84153827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290726)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xke.range.cccinvolve.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290726/; classtype:trojan-activity;sid:84153826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.6.95"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290725/; classtype:trojan-activity;sid:84153825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.34.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290724/; classtype:trojan-activity;sid:84153824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.216.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290722/; classtype:trojan-activity;sid:84153822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.201.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290723/; classtype:trojan-activity;sid:84153823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.153.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290721/; classtype:trojan-activity;sid:84153821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290720/; classtype:trojan-activity;sid:84153820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290719)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/nfpffrc.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290719/; classtype:trojan-activity;sid:84153819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290714)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/heikmof.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290714/; classtype:trojan-activity;sid:84153814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290715)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/skkmrjk.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290715/; classtype:trojan-activity;sid:84153815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290716)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/jgmdraa.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290716/; classtype:trojan-activity;sid:84153816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290717)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/oagnkam.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290717/; classtype:trojan-activity;sid:84153817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290718)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/epsgfak.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290718/; classtype:trojan-activity;sid:84153818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290713)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/oeejpmo.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290713/; classtype:trojan-activity;sid:84153813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.154.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290712/; classtype:trojan-activity;sid:84153812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.237.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290711/; classtype:trojan-activity;sid:84153811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.127.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290710/; classtype:trojan-activity;sid:84153810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.90.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290709/; classtype:trojan-activity;sid:84153809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.236.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290708/; classtype:trojan-activity;sid:84153808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.177.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290707/; classtype:trojan-activity;sid:84153807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.103.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290705/; classtype:trojan-activity;sid:84153805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.230.109.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290706/; classtype:trojan-activity;sid:84153806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.118.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290704/; classtype:trojan-activity;sid:84153804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.57.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290703/; classtype:trojan-activity;sid:84153803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.6.95"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290702/; classtype:trojan-activity;sid:84153802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.48.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290701/; classtype:trojan-activity;sid:84153801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.54.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290700/; classtype:trojan-activity;sid:84153800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.34.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290698/; classtype:trojan-activity;sid:84153798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290699/; classtype:trojan-activity;sid:84153799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.216.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290697/; classtype:trojan-activity;sid:84153797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290696)"; flow:established,from_client; content:"GET"; http_method; content:"/work/das.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ngt-techs.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290696/; classtype:trojan-activity;sid:84153796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.95.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290695/; classtype:trojan-activity;sid:84153795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.91.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290694/; classtype:trojan-activity;sid:84153794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.249.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290693/; classtype:trojan-activity;sid:84153793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290692/; classtype:trojan-activity;sid:84153792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.119.193.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290691/; classtype:trojan-activity;sid:84153791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.211.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290690/; classtype:trojan-activity;sid:84153790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.177.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290689/; classtype:trojan-activity;sid:84153789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.25.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290688/; classtype:trojan-activity;sid:84153788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.6.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290687/; classtype:trojan-activity;sid:84153787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.194.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290686/; classtype:trojan-activity;sid:84153786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.249.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290685/; classtype:trojan-activity;sid:84153785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290684/; classtype:trojan-activity;sid:84153784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.82.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290682/; classtype:trojan-activity;sid:84153782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.201.137.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290683/; classtype:trojan-activity;sid:84153783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.2.178"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290681/; classtype:trojan-activity;sid:84153781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.86.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290680/; classtype:trojan-activity;sid:84153780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.48.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290679/; classtype:trojan-activity;sid:84153779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.76.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290678/; classtype:trojan-activity;sid:84153778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.86.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290677/; classtype:trojan-activity;sid:84153777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.167.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290676/; classtype:trojan-activity;sid:84153776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.95.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290675/; classtype:trojan-activity;sid:84153775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.91.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290674/; classtype:trojan-activity;sid:84153774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.92.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290673/; classtype:trojan-activity;sid:84153773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.108.90.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290672/; classtype:trojan-activity;sid:84153772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.6.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290671/; classtype:trojan-activity;sid:84153771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.211.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290670/; classtype:trojan-activity;sid:84153770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.167.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290669/; classtype:trojan-activity;sid:84153769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290668/; classtype:trojan-activity;sid:84153768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.149.153.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290667/; classtype:trojan-activity;sid:84153767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.86.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290666/; classtype:trojan-activity;sid:84153766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.112.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290665/; classtype:trojan-activity;sid:84153765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290664/; classtype:trojan-activity;sid:84153764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.194.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290663/; classtype:trojan-activity;sid:84153763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.229.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290662/; classtype:trojan-activity;sid:84153762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.139.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290661/; classtype:trojan-activity;sid:84153761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.110.3.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290660/; classtype:trojan-activity;sid:84153760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.112.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290659/; classtype:trojan-activity;sid:84153759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.122.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290658/; classtype:trojan-activity;sid:84153758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.242.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290657/; classtype:trojan-activity;sid:84153757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.253.80.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290656/; classtype:trojan-activity;sid:84153756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.90.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290655/; classtype:trojan-activity;sid:84153755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.109.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290654/; classtype:trojan-activity;sid:84153754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.120.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290653/; classtype:trojan-activity;sid:84153753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.49.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290651/; classtype:trojan-activity;sid:84153751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.7.14.39"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290652/; classtype:trojan-activity;sid:84153752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.108.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290650/; classtype:trojan-activity;sid:84153750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.242.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290649/; classtype:trojan-activity;sid:84153749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.120.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290648/; classtype:trojan-activity;sid:84153748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.244.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290647/; classtype:trojan-activity;sid:84153747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.46.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290646/; classtype:trojan-activity;sid:84153746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.155.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290645/; classtype:trojan-activity;sid:84153745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.129.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290644/; classtype:trojan-activity;sid:84153744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290643/; classtype:trojan-activity;sid:84153743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.226.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290642/; classtype:trojan-activity;sid:84153742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.90.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290641/; classtype:trojan-activity;sid:84153741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.100.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290640/; classtype:trojan-activity;sid:84153740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.29.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290639/; classtype:trojan-activity;sid:84153739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290638/; classtype:trojan-activity;sid:84153738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.216.97.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290637/; classtype:trojan-activity;sid:84153737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.162.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290636/; classtype:trojan-activity;sid:84153736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.143.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290635/; classtype:trojan-activity;sid:84153735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.104.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290634/; classtype:trojan-activity;sid:84153734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.149.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290633/; classtype:trojan-activity;sid:84153733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.129.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290632/; classtype:trojan-activity;sid:84153732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.220.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290631/; classtype:trojan-activity;sid:84153731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.219.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290629/; classtype:trojan-activity;sid:84153729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.43.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290630/; classtype:trojan-activity;sid:84153730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.203.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290628/; classtype:trojan-activity;sid:84153728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.155.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290627/; classtype:trojan-activity;sid:84153727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.218.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290626/; classtype:trojan-activity;sid:84153726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.216.97.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290625/; classtype:trojan-activity;sid:84153725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290623/; classtype:trojan-activity;sid:84153723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.105.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290624/; classtype:trojan-activity;sid:84153724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.94.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290622/; classtype:trojan-activity;sid:84153722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.43.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290621/; classtype:trojan-activity;sid:84153721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.209.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290619/; classtype:trojan-activity;sid:84153719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.125.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290620/; classtype:trojan-activity;sid:84153720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290618/; classtype:trojan-activity;sid:84153718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.193.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290617/; classtype:trojan-activity;sid:84153717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.11.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290616/; classtype:trojan-activity;sid:84153716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.193.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290615/; classtype:trojan-activity;sid:84153715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.218.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290614/; classtype:trojan-activity;sid:84153714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290613/; classtype:trojan-activity;sid:84153713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.28.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290612/; classtype:trojan-activity;sid:84153712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.143.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290611/; classtype:trojan-activity;sid:84153711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.71.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290610/; classtype:trojan-activity;sid:84153710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.159.154.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290609/; classtype:trojan-activity;sid:84153709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.142.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290608/; classtype:trojan-activity;sid:84153708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.219.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290606/; classtype:trojan-activity;sid:84153706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.105.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290607/; classtype:trojan-activity;sid:84153707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.53.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290605/; classtype:trojan-activity;sid:84153705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.254.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290604/; classtype:trojan-activity;sid:84153704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.176.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290603/; classtype:trojan-activity;sid:84153703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.241.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290602/; classtype:trojan-activity;sid:84153702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.11.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290601/; classtype:trojan-activity;sid:84153701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.23.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290600/; classtype:trojan-activity;sid:84153700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.127.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290599/; classtype:trojan-activity;sid:84153699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.27.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290598/; classtype:trojan-activity;sid:84153698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.149.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290597/; classtype:trojan-activity;sid:84153697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.20.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290596/; classtype:trojan-activity;sid:84153696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.40.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290595/; classtype:trojan-activity;sid:84153695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.47.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290594/; classtype:trojan-activity;sid:84153694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.225.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290593/; classtype:trojan-activity;sid:84153693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.149.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290592/; classtype:trojan-activity;sid:84153692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.162.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290591/; classtype:trojan-activity;sid:84153691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.227.185.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290590/; classtype:trojan-activity;sid:84153690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.237.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290589/; classtype:trojan-activity;sid:84153689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.241.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290588/; classtype:trojan-activity;sid:84153688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.71.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290587/; classtype:trojan-activity;sid:84153687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.79.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290586/; classtype:trojan-activity;sid:84153686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.243.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290585/; classtype:trojan-activity;sid:84153685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.181.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290584/; classtype:trojan-activity;sid:84153684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.84.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290583/; classtype:trojan-activity;sid:84153683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.167.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290582/; classtype:trojan-activity;sid:84153682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.17.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290581/; classtype:trojan-activity;sid:84153681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.20.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290580/; classtype:trojan-activity;sid:84153680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.7.58.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290579/; classtype:trojan-activity;sid:84153679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.40.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290577/; classtype:trojan-activity;sid:84153677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.127.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290578/; classtype:trojan-activity;sid:84153678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.47.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290576/; classtype:trojan-activity;sid:84153676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.7.58.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290575/; classtype:trojan-activity;sid:84153675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.108.90.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290574/; classtype:trojan-activity;sid:84153674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.44.144.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290573/; classtype:trojan-activity;sid:84153673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290572/; classtype:trojan-activity;sid:84153672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.167.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290571/; classtype:trojan-activity;sid:84153671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.150.232.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290570/; classtype:trojan-activity;sid:84153670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.164.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290569/; classtype:trojan-activity;sid:84153669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.84.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290568/; classtype:trojan-activity;sid:84153668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.188.251.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290567/; classtype:trojan-activity;sid:84153667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.1.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290566/; classtype:trojan-activity;sid:84153666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.22.141"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290565/; classtype:trojan-activity;sid:84153665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.82.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290564/; classtype:trojan-activity;sid:84153664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.150.232.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290563/; classtype:trojan-activity;sid:84153663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290561/; classtype:trojan-activity;sid:84153661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.118.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290562/; classtype:trojan-activity;sid:84153662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.60.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290560/; classtype:trojan-activity;sid:84153660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.188.251.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290559/; classtype:trojan-activity;sid:84153659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.108.90.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290558/; classtype:trojan-activity;sid:84153658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.234.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290557/; classtype:trojan-activity;sid:84153657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.246.159.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290556/; classtype:trojan-activity;sid:84153656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.103.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290555/; classtype:trojan-activity;sid:84153655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.22.141"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290554/; classtype:trojan-activity;sid:84153654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.176.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290553/; classtype:trojan-activity;sid:84153653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.10.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290552/; classtype:trojan-activity;sid:84153652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.63.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290551/; classtype:trojan-activity;sid:84153651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.194.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290550/; classtype:trojan-activity;sid:84153650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.21.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290549/; classtype:trojan-activity;sid:84153649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.246.159.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290548/; classtype:trojan-activity;sid:84153648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.254.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290547/; classtype:trojan-activity;sid:84153647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.194.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290546/; classtype:trojan-activity;sid:84153646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.240.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290545/; classtype:trojan-activity;sid:84153645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.17.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290544/; classtype:trojan-activity;sid:84153644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.107.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290543/; classtype:trojan-activity;sid:84153643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.117.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290542/; classtype:trojan-activity;sid:84153642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.96.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290541/; classtype:trojan-activity;sid:84153641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.66.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290540/; classtype:trojan-activity;sid:84153640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.255.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290539/; classtype:trojan-activity;sid:84153639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.36.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290538/; classtype:trojan-activity;sid:84153638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.92.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290537/; classtype:trojan-activity;sid:84153637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.20.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290536/; classtype:trojan-activity;sid:84153636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.21.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290535/; classtype:trojan-activity;sid:84153635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.252.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290534/; classtype:trojan-activity;sid:84153634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290533/; classtype:trojan-activity;sid:84153633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290532/; classtype:trojan-activity;sid:84153632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.59.102.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290530/; classtype:trojan-activity;sid:84153630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.66.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290531/; classtype:trojan-activity;sid:84153631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.94.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290529/; classtype:trojan-activity;sid:84153629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.116.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290528/; classtype:trojan-activity;sid:84153628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.73.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290527/; classtype:trojan-activity;sid:84153627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290526/; classtype:trojan-activity;sid:84153626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290525/; classtype:trojan-activity;sid:84153625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.197.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290524/; classtype:trojan-activity;sid:84153624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.255.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290523/; classtype:trojan-activity;sid:84153623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.59.7.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290521/; classtype:trojan-activity;sid:84153621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.167.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290522/; classtype:trojan-activity;sid:84153622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290520/; classtype:trojan-activity;sid:84153620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.43.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290519/; classtype:trojan-activity;sid:84153619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.179.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290518/; classtype:trojan-activity;sid:84153618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.36.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290517/; classtype:trojan-activity;sid:84153617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.59.7.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290516/; classtype:trojan-activity;sid:84153616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.27.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290515/; classtype:trojan-activity;sid:84153615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.228.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290514/; classtype:trojan-activity;sid:84153614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.126.75.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290513/; classtype:trojan-activity;sid:84153613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.129.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290512/; classtype:trojan-activity;sid:84153612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.194.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290511/; classtype:trojan-activity;sid:84153611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.73.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290510/; classtype:trojan-activity;sid:84153610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.116.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290508/; classtype:trojan-activity;sid:84153608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.53.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290509/; classtype:trojan-activity;sid:84153609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.116.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290507/; classtype:trojan-activity;sid:84153607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.101.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290506/; classtype:trojan-activity;sid:84153606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.198.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290505/; classtype:trojan-activity;sid:84153605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.93.132.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290504/; classtype:trojan-activity;sid:84153604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290503/; classtype:trojan-activity;sid:84153603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.138.176.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290502/; classtype:trojan-activity;sid:84153602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.129.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290501/; classtype:trojan-activity;sid:84153601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.9.26"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290500/; classtype:trojan-activity;sid:84153600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.176.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290499/; classtype:trojan-activity;sid:84153599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.73.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290498/; classtype:trojan-activity;sid:84153598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.209.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290497/; classtype:trojan-activity;sid:84153597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.197.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290496/; classtype:trojan-activity;sid:84153596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.154.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290495/; classtype:trojan-activity;sid:84153595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.93.132.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290494/; classtype:trojan-activity;sid:84153594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.212.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290493/; classtype:trojan-activity;sid:84153593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.191.178.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290492/; classtype:trojan-activity;sid:84153592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.253.133.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290491/; classtype:trojan-activity;sid:84153591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.66.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290490/; classtype:trojan-activity;sid:84153590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290489)"; flow:established,from_client; content:"GET"; http_method; content:"/wwbizsrvs.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"27.102.130.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290489/; classtype:trojan-activity;sid:84153589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290488)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"27.102.130.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290488/; classtype:trojan-activity;sid:84153588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290485)"; flow:established,from_client; content:"GET"; http_method; content:"/wwbizsrvs.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"27.102.130.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290485/; classtype:trojan-activity;sid:84153585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290486)"; flow:established,from_client; content:"GET"; http_method; content:"/msf443.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"27.102.130.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290486/; classtype:trojan-activity;sid:84153586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290487)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"27.102.130.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290487/; classtype:trojan-activity;sid:84153587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290482)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"27.102.130.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290482/; classtype:trojan-activity;sid:84153582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290483)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"27.102.130.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290483/; classtype:trojan-activity;sid:84153583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290484)"; flow:established,from_client; content:"GET"; http_method; content:"/msf443.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"27.102.130.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290484/; classtype:trojan-activity;sid:84153584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.73.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290481/; classtype:trojan-activity;sid:84153581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290480)"; flow:established,from_client; content:"GET"; http_method; content:"/wwbizsrvs.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"27.102.130.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290480/; classtype:trojan-activity;sid:84153580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.9.26"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290479/; classtype:trojan-activity;sid:84153579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.197.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290478/; classtype:trojan-activity;sid:84153578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290477)"; flow:established,from_client; content:"GET"; http_method; content:"/msf443.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"27.102.130.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290477/; classtype:trojan-activity;sid:84153577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290475)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"27.102.130.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290475/; classtype:trojan-activity;sid:84153575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290476)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"27.102.130.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290476/; classtype:trojan-activity;sid:84153576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.180.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290474/; classtype:trojan-activity;sid:84153574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.25.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290473/; classtype:trojan-activity;sid:84153573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.125.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290472/; classtype:trojan-activity;sid:84153572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.137.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290471/; classtype:trojan-activity;sid:84153571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.66.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290470/; classtype:trojan-activity;sid:84153570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.191.178.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290469/; classtype:trojan-activity;sid:84153569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.212.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290468/; classtype:trojan-activity;sid:84153568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290467)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"qdofg.strategies.mvpstrat.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290467/; classtype:trojan-activity;sid:84153567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290464)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp0.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"134.195.90.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290464/; classtype:trojan-activity;sid:84153564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290465)"; flow:established,from_client; content:"GET"; http_method; content:"/b8.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.195.90.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290465/; classtype:trojan-activity;sid:84153565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.92.103.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290466/; classtype:trojan-activity;sid:84153566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290460)"; flow:established,from_client; content:"GET"; http_method; content:"/t5.dll"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.195.90.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290460/; classtype:trojan-activity;sid:84153560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290461)"; flow:established,from_client; content:"GET"; http_method; content:"/7code.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"134.195.90.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290461/; classtype:trojan-activity;sid:84153561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290462)"; flow:established,from_client; content:"GET"; http_method; content:"/t4.dll"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.195.90.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290462/; classtype:trojan-activity;sid:84153562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290463)"; flow:established,from_client; content:"GET"; http_method; content:"/90.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.195.90.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290463/; classtype:trojan-activity;sid:84153563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290456)"; flow:established,from_client; content:"GET"; http_method; content:"/b7.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.195.90.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290456/; classtype:trojan-activity;sid:84153556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290457)"; flow:established,from_client; content:"GET"; http_method; content:"/shellcode.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"134.195.90.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290457/; classtype:trojan-activity;sid:84153557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290458)"; flow:established,from_client; content:"GET"; http_method; content:"/77.ps1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.195.90.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290458/; classtype:trojan-activity;sid:84153558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290459)"; flow:established,from_client; content:"GET"; http_method; content:"/17.vba"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.195.90.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290459/; classtype:trojan-activity;sid:84153559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.133.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290455/; classtype:trojan-activity;sid:84153555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.32.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290452/; classtype:trojan-activity;sid:84153552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.248.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290453/; classtype:trojan-activity;sid:84153553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.47.188.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290454/; classtype:trojan-activity;sid:84153554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.195.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290451/; classtype:trojan-activity;sid:84153551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.108.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290450/; classtype:trojan-activity;sid:84153550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.174.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290449/; classtype:trojan-activity;sid:84153549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.9.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290448/; classtype:trojan-activity;sid:84153548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.86.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290447/; classtype:trojan-activity;sid:84153547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.26.113.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290446/; classtype:trojan-activity;sid:84153546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290445)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.183.59.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290445/; classtype:trojan-activity;sid:84153545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290444)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2021-34527.ps1"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"38.242.215.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290444/; classtype:trojan-activity;sid:84153544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290443/; classtype:trojan-activity;sid:84153543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.131.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290442/; classtype:trojan-activity;sid:84153542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.251.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290441/; classtype:trojan-activity;sid:84153541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.175.25.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290440/; classtype:trojan-activity;sid:84153540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.17.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290438/; classtype:trojan-activity;sid:84153538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.32.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290439/; classtype:trojan-activity;sid:84153539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.195.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290436/; classtype:trojan-activity;sid:84153536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.199.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290437/; classtype:trojan-activity;sid:84153537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290435)"; flow:established,from_client; content:"GET"; http_method; content:"/wis/clicktime/v1/query|3f|url=https%3a%2f%2fdocs.google.com%2fuc%3fexport%3ddownload%26id%3d1qehwy7iyzbzplalfb_6h10ctyxnqoxq0|7c|26|7c|umid=ab3ff601-35de-4838-99ff-ae76dd48dbbb|7c|26|7c|auth=927c0b1ab45858384aa0e7e4a36abbaf860b921f-63af8e92ed5a20811e6d37a2d0f1f66c3ec1aa1b"; http_uri; depth:273; isdataat:!1,relative; nocase; content:"ddec1-0-en-ctp.trendmicro.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290435/; classtype:trojan-activity;sid:84153535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290434)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|id=116iab6nyzzjxxjh-dcnvszy3lfwxsdan|7c|26|7c|export=download"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"drive.usercontent.google.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290434/; classtype:trojan-activity;sid:84153534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.7.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290433/; classtype:trojan-activity;sid:84153533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.62.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290432/; classtype:trojan-activity;sid:84153532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.99.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290431/; classtype:trojan-activity;sid:84153531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.146.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290430/; classtype:trojan-activity;sid:84153530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.95.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290429/; classtype:trojan-activity;sid:84153529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.65.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290428/; classtype:trojan-activity;sid:84153528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.248.37.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290426/; classtype:trojan-activity;sid:84153526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290425/; classtype:trojan-activity;sid:84153525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.7.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290424/; classtype:trojan-activity;sid:84153524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.40.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290423/; classtype:trojan-activity;sid:84153523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.36.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290422/; classtype:trojan-activity;sid:84153522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.242.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290421/; classtype:trojan-activity;sid:84153521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290420)"; flow:established,from_client; content:"GET"; http_method; content:"/akrien.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"akrien.wtf"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290420/; classtype:trojan-activity;sid:84153520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.175.25.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290419/; classtype:trojan-activity;sid:84153519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.131.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290418/; classtype:trojan-activity;sid:84153518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290417)"; flow:established,from_client; content:"GET"; http_method; content:"/sshell.service"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.148.10.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290417/; classtype:trojan-activity;sid:84153517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.199.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290416/; classtype:trojan-activity;sid:84153516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.11.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290414/; classtype:trojan-activity;sid:84153514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.32.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290415/; classtype:trojan-activity;sid:84153515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.17.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290413/; classtype:trojan-activity;sid:84153513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.1.170"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290412/; classtype:trojan-activity;sid:84153512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.62.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290411/; classtype:trojan-activity;sid:84153511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.146.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290410/; classtype:trojan-activity;sid:84153510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.7.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290409/; classtype:trojan-activity;sid:84153509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.203.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290408/; classtype:trojan-activity;sid:84153508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.5.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290407/; classtype:trojan-activity;sid:84153507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.137.49.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290406/; classtype:trojan-activity;sid:84153506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290405)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.arm4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290405/; classtype:trojan-activity;sid:84153505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290404)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290404/; classtype:trojan-activity;sid:84153504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290403)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290403/; classtype:trojan-activity;sid:84153503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.199.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290402/; classtype:trojan-activity;sid:84153502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.91.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290400/; classtype:trojan-activity;sid:84153500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.81.151.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290401/; classtype:trojan-activity;sid:84153501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.211.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290399/; classtype:trojan-activity;sid:84153499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.242.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290398/; classtype:trojan-activity;sid:84153498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290397/; classtype:trojan-activity;sid:84153497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290395)"; flow:established,from_client; content:"GET"; http_method; content:"/carm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.59.134.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290395/; classtype:trojan-activity;sid:84153495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290396)"; flow:established,from_client; content:"GET"; http_method; content:"/sshell.service"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.59.134.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290396/; classtype:trojan-activity;sid:84153496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290394)"; flow:established,from_client; content:"GET"; http_method; content:"/bot"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"89.116.51.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290394/; classtype:trojan-activity;sid:84153494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290392)"; flow:established,from_client; content:"GET"; http_method; content:"/carm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hyper-gpt.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290392/; classtype:trojan-activity;sid:84153492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290393)"; flow:established,from_client; content:"GET"; http_method; content:"/carm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"getgrass-earn.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290393/; classtype:trojan-activity;sid:84153493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290391)"; flow:established,from_client; content:"GET"; http_method; content:"/carm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.10.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290391/; classtype:trojan-activity;sid:84153491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.246.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290390/; classtype:trojan-activity;sid:84153490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.11.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290389/; classtype:trojan-activity;sid:84153489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.188.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290388/; classtype:trojan-activity;sid:84153488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.203.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290387/; classtype:trojan-activity;sid:84153487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290385)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290385/; classtype:trojan-activity;sid:84153485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290386)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290386/; classtype:trojan-activity;sid:84153486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.137.49.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290384/; classtype:trojan-activity;sid:84153484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290382)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290382/; classtype:trojan-activity;sid:84153482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290383)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290383/; classtype:trojan-activity;sid:84153483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290380)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290380/; classtype:trojan-activity;sid:84153480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290381)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290381/; classtype:trojan-activity;sid:84153481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290376)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290376/; classtype:trojan-activity;sid:84153476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290377)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290377/; classtype:trojan-activity;sid:84153477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290378)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290378/; classtype:trojan-activity;sid:84153478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290379)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290379/; classtype:trojan-activity;sid:84153479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290374)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290374/; classtype:trojan-activity;sid:84153474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290375)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290375/; classtype:trojan-activity;sid:84153475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290367)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290367/; classtype:trojan-activity;sid:84153467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290368)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290368/; classtype:trojan-activity;sid:84153468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290369)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290369/; classtype:trojan-activity;sid:84153469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290370)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290370/; classtype:trojan-activity;sid:84153470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290371)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290371/; classtype:trojan-activity;sid:84153471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290372)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290372/; classtype:trojan-activity;sid:84153472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290373)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290373/; classtype:trojan-activity;sid:84153473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290364)"; flow:established,from_client; content:"GET"; http_method; content:"/c1"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290364/; classtype:trojan-activity;sid:84153464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290365)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290365/; classtype:trojan-activity;sid:84153465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290366)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290366/; classtype:trojan-activity;sid:84153466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290342)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290342/; classtype:trojan-activity;sid:84153442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290343)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290343/; classtype:trojan-activity;sid:84153443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290344)"; flow:established,from_client; content:"GET"; http_method; content:"/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290344/; classtype:trojan-activity;sid:84153444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290345)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290345/; classtype:trojan-activity;sid:84153445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290346)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290346/; classtype:trojan-activity;sid:84153446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290347)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290347/; classtype:trojan-activity;sid:84153447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290348)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.sparc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290348/; classtype:trojan-activity;sid:84153448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290349)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290349/; classtype:trojan-activity;sid:84153449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290350)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290350/; classtype:trojan-activity;sid:84153450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290351)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290351/; classtype:trojan-activity;sid:84153451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290352)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290352/; classtype:trojan-activity;sid:84153452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290353)"; flow:established,from_client; content:"GET"; http_method; content:"/76d32be0.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290353/; classtype:trojan-activity;sid:84153453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290354)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290354/; classtype:trojan-activity;sid:84153454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290355)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.i586"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290355/; classtype:trojan-activity;sid:84153455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290356)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290356/; classtype:trojan-activity;sid:84153456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290357)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290357/; classtype:trojan-activity;sid:84153457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290358)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290358/; classtype:trojan-activity;sid:84153458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290359)"; flow:established,from_client; content:"GET"; http_method; content:"/splash.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290359/; classtype:trojan-activity;sid:84153459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290360)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290360/; classtype:trojan-activity;sid:84153460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290361)"; flow:established,from_client; content:"GET"; http_method; content:"/v"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290361/; classtype:trojan-activity;sid:84153461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290362)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i686"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290362/; classtype:trojan-activity;sid:84153462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290363)"; flow:established,from_client; content:"GET"; http_method; content:"/u"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290363/; classtype:trojan-activity;sid:84153463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290341)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290341/; classtype:trojan-activity;sid:84153441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290339)"; flow:established,from_client; content:"GET"; http_method; content:"/necr0.py"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290339/; classtype:trojan-activity;sid:84153439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290340)"; flow:established,from_client; content:"GET"; http_method; content:"/z"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290340/; classtype:trojan-activity;sid:84153440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290335)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290335/; classtype:trojan-activity;sid:84153435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290336)"; flow:established,from_client; content:"GET"; http_method; content:"/yak.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290336/; classtype:trojan-activity;sid:84153436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290337)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290337/; classtype:trojan-activity;sid:84153437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290338)"; flow:established,from_client; content:"GET"; http_method; content:"/c1.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290338/; classtype:trojan-activity;sid:84153438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290332)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290332/; classtype:trojan-activity;sid:84153432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290333)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290333/; classtype:trojan-activity;sid:84153433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290334)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290334/; classtype:trojan-activity;sid:84153434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290322)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290322/; classtype:trojan-activity;sid:84153422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290323)"; flow:established,from_client; content:"GET"; http_method; content:"/h"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290323/; classtype:trojan-activity;sid:84153423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290324)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290324/; classtype:trojan-activity;sid:84153424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290325)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290325/; classtype:trojan-activity;sid:84153425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290326)"; flow:established,from_client; content:"GET"; http_method; content:"/get.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290326/; classtype:trojan-activity;sid:84153426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290327)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290327/; classtype:trojan-activity;sid:84153427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290328)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290328/; classtype:trojan-activity;sid:84153428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290329)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290329/; classtype:trojan-activity;sid:84153429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290330)"; flow:established,from_client; content:"GET"; http_method; content:"/e"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290330/; classtype:trojan-activity;sid:84153430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290331)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.19.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290331/; classtype:trojan-activity;sid:84153431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.244.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290321/; classtype:trojan-activity;sid:84153421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290320/; classtype:trojan-activity;sid:84153420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.75.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290319/; classtype:trojan-activity;sid:84153419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290318/; classtype:trojan-activity;sid:84153418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.71.208.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290317/; classtype:trojan-activity;sid:84153417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.55.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290316/; classtype:trojan-activity;sid:84153416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.83.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290315/; classtype:trojan-activity;sid:84153415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290314/; classtype:trojan-activity;sid:84153414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.72.71.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290313/; classtype:trojan-activity;sid:84153413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.121.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290312/; classtype:trojan-activity;sid:84153412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.53.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290311/; classtype:trojan-activity;sid:84153411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.177.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290310/; classtype:trojan-activity;sid:84153410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290309)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spim"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290309/; classtype:trojan-activity;sid:84153409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290308)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lespim"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290308/; classtype:trojan-activity;sid:84153408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290304)"; flow:established,from_client; content:"GET"; http_method; content:"/spim"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290304/; classtype:trojan-activity;sid:84153404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290305)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/686i"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290305/; classtype:trojan-activity;sid:84153405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290306)"; flow:established,from_client; content:"GET"; http_method; content:"/masjesuscan"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290306/; classtype:trojan-activity;sid:84153406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290307)"; flow:established,from_client; content:"GET"; http_method; content:"/686i"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290307/; classtype:trojan-activity;sid:84153407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290287)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/otjngv1bp2t2wygktp6vpwgka80sfs8iab"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290287/; classtype:trojan-activity;sid:84153387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290288)"; flow:established,from_client; content:"GET"; http_method; content:"/k86m"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290288/; classtype:trojan-activity;sid:84153388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290289)"; flow:established,from_client; content:"GET"; http_method; content:"/lespim"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290289/; classtype:trojan-activity;sid:84153389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290290)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/1atryf00opos9ilx4gxp7crcu1fygawrdz"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290290/; classtype:trojan-activity;sid:84153390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290291)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ddgoxpitynd4zmwu3lxpnqreztuiytcthc"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290291/; classtype:trojan-activity;sid:84153391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290292)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h1rx3qni5wrcb994mm4hal7tdgsjtnrdcz"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290292/; classtype:trojan-activity;sid:84153392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290293)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dgdryulfpjpmxvnvgqvoo59ky4rsmvzqvg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290293/; classtype:trojan-activity;sid:84153393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290294)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/uvkqx1yyb6q8fvvudsfvahpzadi3c3uejf"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290294/; classtype:trojan-activity;sid:84153394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290295)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/2d0ypsg4sficeykxifkga1v1xb9xjhhkil"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290295/; classtype:trojan-activity;sid:84153395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290296)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dbosmsy6tfy6cywrdeyadpiksb116avldd"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290296/; classtype:trojan-activity;sid:84153396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290297)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/1qjxptkhjphpaniquw6g8atwk5wd8oub2d"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290297/; classtype:trojan-activity;sid:84153397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290298)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/1kcogxsnblfs7xeornkhpct5i59q8yusqq"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290298/; classtype:trojan-activity;sid:84153398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290299)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/86ao51ixhifqdzyerzz86os2arylsdogre"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290299/; classtype:trojan-activity;sid:84153399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290300)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ojkgplrgvbp2g2c4v1rmk4watufzctl04v"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290300/; classtype:trojan-activity;sid:84153400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290301)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/qkh15hpxbaufrckz6ogyl4v3b4gbhhvpdx"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290301/; classtype:trojan-activity;sid:84153401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290302)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k68m"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290302/; classtype:trojan-activity;sid:84153402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290303)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wxx9gcsv3pprl49zzyahfjceyrla72x9bj"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290303/; classtype:trojan-activity;sid:84153403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.71.208.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290286/; classtype:trojan-activity;sid:84153386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.66.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290285/; classtype:trojan-activity;sid:84153385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.165.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290284/; classtype:trojan-activity;sid:84153384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.131.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290283/; classtype:trojan-activity;sid:84153383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.157.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290282/; classtype:trojan-activity;sid:84153382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.246.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290281/; classtype:trojan-activity;sid:84153381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.93.32.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290280/; classtype:trojan-activity;sid:84153380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.90.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290279/; classtype:trojan-activity;sid:84153379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.100.213.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290278/; classtype:trojan-activity;sid:84153378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.111.117.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290277/; classtype:trojan-activity;sid:84153377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.82.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290276/; classtype:trojan-activity;sid:84153376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.139.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290275/; classtype:trojan-activity;sid:84153375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.52.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290273/; classtype:trojan-activity;sid:84153373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.185.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290274/; classtype:trojan-activity;sid:84153374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.3.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290272/; classtype:trojan-activity;sid:84153372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.226.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290271/; classtype:trojan-activity;sid:84153371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.75.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290270/; classtype:trojan-activity;sid:84153370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.3.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290269/; classtype:trojan-activity;sid:84153369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.172.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290268/; classtype:trojan-activity;sid:84153368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.214.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290267/; classtype:trojan-activity;sid:84153367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290266)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bot.suqi.bf"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290266/; classtype:trojan-activity;sid:84153366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290264)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bot.suqi.bf"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290264/; classtype:trojan-activity;sid:84153364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290265)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bot.suqi.bf"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290265/; classtype:trojan-activity;sid:84153365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290255)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bot.suqi.bf"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290255/; classtype:trojan-activity;sid:84153355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290256)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.suqi.bf"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290256/; classtype:trojan-activity;sid:84153356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290257)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.suqi.bf"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290257/; classtype:trojan-activity;sid:84153357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290258)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bot.suqi.bf"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290258/; classtype:trojan-activity;sid:84153358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290259)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bot.suqi.bf"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290259/; classtype:trojan-activity;sid:84153359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290260)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.suqi.bf"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290260/; classtype:trojan-activity;sid:84153360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.142.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290261/; classtype:trojan-activity;sid:84153361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290262)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bot.suqi.bf"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290262/; classtype:trojan-activity;sid:84153362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290263)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.suqi.bf"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290263/; classtype:trojan-activity;sid:84153363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290254/; classtype:trojan-activity;sid:84153354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.185.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290253/; classtype:trojan-activity;sid:84153353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.108.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290252/; classtype:trojan-activity;sid:84153352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.66.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290251/; classtype:trojan-activity;sid:84153351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.12.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290250/; classtype:trojan-activity;sid:84153350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.169.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290249/; classtype:trojan-activity;sid:84153349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290248/; classtype:trojan-activity;sid:84153348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.77.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290246/; classtype:trojan-activity;sid:84153346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290247)"; flow:established,from_client; content:"GET"; http_method; content:"/pro2.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.121.142.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290247/; classtype:trojan-activity;sid:84153347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.199.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290245/; classtype:trojan-activity;sid:84153345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.79.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290244/; classtype:trojan-activity;sid:84153344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290243)"; flow:established,from_client; content:"GET"; http_method; content:"/pro2.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.98.201.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290243/; classtype:trojan-activity;sid:84153343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.172.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290242/; classtype:trojan-activity;sid:84153342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.96.51"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290241/; classtype:trojan-activity;sid:84153341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.168.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290240/; classtype:trojan-activity;sid:84153340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290237)"; flow:established,from_client; content:"GET"; http_method; content:"/sshell.service"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.96.136.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290237/; classtype:trojan-activity;sid:84153337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290238)"; flow:established,from_client; content:"GET"; http_method; content:"/java"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.216.19.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290238/; classtype:trojan-activity;sid:84153338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290239)"; flow:established,from_client; content:"GET"; http_method; content:"/min.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.121.142.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290239/; classtype:trojan-activity;sid:84153339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290234)"; flow:established,from_client; content:"GET"; http_method; content:"/x/3sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.136.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290234/; classtype:trojan-activity;sid:84153334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290235)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.120.125.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290235/; classtype:trojan-activity;sid:84153335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290236)"; flow:established,from_client; content:"GET"; http_method; content:"/carm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.96.136.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290236/; classtype:trojan-activity;sid:84153336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290232)"; flow:established,from_client; content:"GET"; http_method; content:"/x/2sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.136.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290232/; classtype:trojan-activity;sid:84153332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290233)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.202.35.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290233/; classtype:trojan-activity;sid:84153333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290231)"; flow:established,from_client; content:"GET"; http_method; content:"/min.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.29.237.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290231/; classtype:trojan-activity;sid:84153331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.108.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290230/; classtype:trojan-activity;sid:84153330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290229)"; flow:established,from_client; content:"GET"; http_method; content:"/bambo/fijibo.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"bugijepakx1c.b-cdn.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290229/; classtype:trojan-activity;sid:84153329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290228)"; flow:established,from_client; content:"GET"; http_method; content:"/burgi.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cloud-salchechon.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290228/; classtype:trojan-activity;sid:84153328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.199.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290227/; classtype:trojan-activity;sid:84153327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.8.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290226/; classtype:trojan-activity;sid:84153326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.228.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290225/; classtype:trojan-activity;sid:84153325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.220.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290224/; classtype:trojan-activity;sid:84153324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.228.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290223/; classtype:trojan-activity;sid:84153323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.46.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290222/; classtype:trojan-activity;sid:84153322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.123.238.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290221/; classtype:trojan-activity;sid:84153321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.226.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290220/; classtype:trojan-activity;sid:84153320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.165.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290218/; classtype:trojan-activity;sid:84153318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290219)"; flow:established,from_client; content:"GET"; http_method; content:"/burgi.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"njprfirm.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290219/; classtype:trojan-activity;sid:84153319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.176.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290216/; classtype:trojan-activity;sid:84153316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"187.170.37.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290217/; classtype:trojan-activity;sid:84153317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.79.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290214/; classtype:trojan-activity;sid:84153314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.137.0.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290215/; classtype:trojan-activity;sid:84153315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.210.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290213/; classtype:trojan-activity;sid:84153313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290212)"; flow:established,from_client; content:"GET"; http_method; content:"/alertswiss_bind_sign.apk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.mspa-constabulary.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290212/; classtype:trojan-activity;sid:84153312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290211/; classtype:trojan-activity;sid:84153311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290210/; classtype:trojan-activity;sid:84153310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.93.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290209/; classtype:trojan-activity;sid:84153309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290208)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/ethz4ras5vj7pyq9udz83/laudobombeirospdf.msi|3f|rlkey=aw3azigq5haqd3e4fyck1nyob|7c|26|7c|st=l7sauzxm|7c|26|7c|dl=1"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290208/; classtype:trojan-activity;sid:84153308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.153.91.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290206/; classtype:trojan-activity;sid:84153306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.86.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290207/; classtype:trojan-activity;sid:84153307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.193.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290205/; classtype:trojan-activity;sid:84153305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.242.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290204/; classtype:trojan-activity;sid:84153304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290202)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"15.235.149.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290202/; classtype:trojan-activity;sid:84153302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290203)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"15.235.149.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290203/; classtype:trojan-activity;sid:84153303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.60.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290201/; classtype:trojan-activity;sid:84153301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290200)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sg-singapore.allsafevpn.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290200/; classtype:trojan-activity;sid:84153300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"15.235.149.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290194/; classtype:trojan-activity;sid:84153294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290195)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sg-singapore.allsafevpn.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290195/; classtype:trojan-activity;sid:84153295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290196)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sg-singapore.allsafevpn.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290196/; classtype:trojan-activity;sid:84153296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290197)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"15.235.149.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290197/; classtype:trojan-activity;sid:84153297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290198)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"15.235.149.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290198/; classtype:trojan-activity;sid:84153298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290199)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sg-singapore.allsafevpn.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290199/; classtype:trojan-activity;sid:84153299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290183)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"15.235.149.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290183/; classtype:trojan-activity;sid:84153283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290184)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sg-singapore.allsafevpn.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290184/; classtype:trojan-activity;sid:84153284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sg-singapore.allsafevpn.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290185/; classtype:trojan-activity;sid:84153285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290186)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"15.235.149.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290186/; classtype:trojan-activity;sid:84153286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290187)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"15.235.149.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290187/; classtype:trojan-activity;sid:84153287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290188)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sg-singapore.allsafevpn.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290188/; classtype:trojan-activity;sid:84153288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290189)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sg-singapore.allsafevpn.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290189/; classtype:trojan-activity;sid:84153289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290190)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sg-singapore.allsafevpn.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290190/; classtype:trojan-activity;sid:84153290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290191)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sg-singapore.allsafevpn.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290191/; classtype:trojan-activity;sid:84153291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290192)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"15.235.149.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290192/; classtype:trojan-activity;sid:84153292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290193)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"15.235.149.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290193/; classtype:trojan-activity;sid:84153293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.9.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290182/; classtype:trojan-activity;sid:84153282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.8.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290181/; classtype:trojan-activity;sid:84153281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290180)"; flow:established,from_client; content:"GET"; http_method; content:"/download/direct/bea84ef0-a7bf-421f-960c-ed3d3c21dfa7/pawyvstri.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"store6.gofile.io"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290180/; classtype:trojan-activity;sid:84153280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.139.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290179/; classtype:trojan-activity;sid:84153279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290178/; classtype:trojan-activity;sid:84153278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.216.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290177/; classtype:trojan-activity;sid:84153277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.238.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290176/; classtype:trojan-activity;sid:84153276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.158.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290175/; classtype:trojan-activity;sid:84153275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.0.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290174/; classtype:trojan-activity;sid:84153274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.8.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290173/; classtype:trojan-activity;sid:84153273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.123.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290172/; classtype:trojan-activity;sid:84153272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.55.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290171/; classtype:trojan-activity;sid:84153271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.88.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290170/; classtype:trojan-activity;sid:84153270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290163)"; flow:established,from_client; content:"GET"; http_method; content:"/totallysafe1.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.81.124.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290163/; classtype:trojan-activity;sid:84153263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290164)"; flow:established,from_client; content:"GET"; http_method; content:"/stage1.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"151.81.124.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290164/; classtype:trojan-activity;sid:84153264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290165)"; flow:established,from_client; content:"GET"; http_method; content:"/off.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"151.81.124.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290165/; classtype:trojan-activity;sid:84153265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290166)"; flow:established,from_client; content:"GET"; http_method; content:"/totallysafe2.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.81.124.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290166/; classtype:trojan-activity;sid:84153266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290167)"; flow:established,from_client; content:"GET"; http_method; content:"/totallysafe.msi"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"151.81.124.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290167/; classtype:trojan-activity;sid:84153267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290168)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.81.124.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290168/; classtype:trojan-activity;sid:84153268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290169)"; flow:established,from_client; content:"GET"; http_method; content:"/totallysafe.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"151.81.124.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290169/; classtype:trojan-activity;sid:84153269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.246.69.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290162/; classtype:trojan-activity;sid:84153262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290161)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.241.48.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290161/; classtype:trojan-activity;sid:84153261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.10.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290160/; classtype:trojan-activity;sid:84153260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.44.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290159/; classtype:trojan-activity;sid:84153259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.47.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290158/; classtype:trojan-activity;sid:84153258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.178.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290157/; classtype:trojan-activity;sid:84153257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.139.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290156/; classtype:trojan-activity;sid:84153256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.103.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290155/; classtype:trojan-activity;sid:84153255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290154/; classtype:trojan-activity;sid:84153254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.216.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290153/; classtype:trojan-activity;sid:84153253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.125.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290152/; classtype:trojan-activity;sid:84153252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290151)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.242.241.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290151/; classtype:trojan-activity;sid:84153251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.246.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290150/; classtype:trojan-activity;sid:84153250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.127.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290148/; classtype:trojan-activity;sid:84153248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.112.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290147/; classtype:trojan-activity;sid:84153247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.243.133.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290145/; classtype:trojan-activity;sid:84153245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290146/; classtype:trojan-activity;sid:84153246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290142)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.33.229.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290142/; classtype:trojan-activity;sid:84153242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.220.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290141/; classtype:trojan-activity;sid:84153241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290140)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.33.231.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290140/; classtype:trojan-activity;sid:84153240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290139)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"221.222.173.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290139/; classtype:trojan-activity;sid:84153239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.171.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290138/; classtype:trojan-activity;sid:84153238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290124)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vmi2145130.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290124/; classtype:trojan-activity;sid:84153224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290125)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290125/; classtype:trojan-activity;sid:84153225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290126)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.30.202.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290126/; classtype:trojan-activity;sid:84153226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290127/; classtype:trojan-activity;sid:84153227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290128)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.30.204.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290128/; classtype:trojan-activity;sid:84153228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290129)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"221.222.173.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290129/; classtype:trojan-activity;sid:84153229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290130)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.115.131.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290130/; classtype:trojan-activity;sid:84153230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290131)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.58.200.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290131/; classtype:trojan-activity;sid:84153231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.110.41.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290132/; classtype:trojan-activity;sid:84153232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.123.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290133/; classtype:trojan-activity;sid:84153233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290134)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.33.229.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290134/; classtype:trojan-activity;sid:84153234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.65.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290135/; classtype:trojan-activity;sid:84153235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290136)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"59.58.200.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290136/; classtype:trojan-activity;sid:84153236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290137)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.33.231.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290137/; classtype:trojan-activity;sid:84153237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290122)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vmi2145130.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290122/; classtype:trojan-activity;sid:84153222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290123)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.242.241.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290123/; classtype:trojan-activity;sid:84153223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290107)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.202.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290107/; classtype:trojan-activity;sid:84153207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290108)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"59.58.200.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290108/; classtype:trojan-activity;sid:84153208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290109)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290109/; classtype:trojan-activity;sid:84153209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290110)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.178.190.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290110/; classtype:trojan-activity;sid:84153210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290111)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290111/; classtype:trojan-activity;sid:84153211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290112)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vps-d21ef853.vps.ovh.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290112/; classtype:trojan-activity;sid:84153212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290113)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.222.173.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290113/; classtype:trojan-activity;sid:84153213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290114)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vps-d21ef853.vps.ovh.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290114/; classtype:trojan-activity;sid:84153214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290115)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.206.52.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290115/; classtype:trojan-activity;sid:84153215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290116)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.33.229.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290116/; classtype:trojan-activity;sid:84153216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.53.98.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290117/; classtype:trojan-activity;sid:84153217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290118)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.115.131.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290118/; classtype:trojan-activity;sid:84153218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290119)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.115.131.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290119/; classtype:trojan-activity;sid:84153219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290120)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.33.231.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290120/; classtype:trojan-activity;sid:84153220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290121)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.202.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290121/; classtype:trojan-activity;sid:84153221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290094)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.242.241.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290094/; classtype:trojan-activity;sid:84153194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290095)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vps-d21ef853.vps.ovh.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290095/; classtype:trojan-activity;sid:84153195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290096)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.30.204.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290096/; classtype:trojan-activity;sid:84153196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.88.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290097/; classtype:trojan-activity;sid:84153197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.68.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290098/; classtype:trojan-activity;sid:84153198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.182.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290099/; classtype:trojan-activity;sid:84153199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290100)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290100/; classtype:trojan-activity;sid:84153200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290101)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.178.190.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290101/; classtype:trojan-activity;sid:84153201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290102)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vmi2145130.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290102/; classtype:trojan-activity;sid:84153202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.68.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290103/; classtype:trojan-activity;sid:84153203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.229.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290104/; classtype:trojan-activity;sid:84153204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290105)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.206.52.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290105/; classtype:trojan-activity;sid:84153205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290106)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.206.52.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290106/; classtype:trojan-activity;sid:84153206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290093)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.190.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290093/; classtype:trojan-activity;sid:84153193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290091)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.75.142.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290091/; classtype:trojan-activity;sid:84153191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290092)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"51.75.142.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290092/; classtype:trojan-activity;sid:84153192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290090)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.115.131.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290090/; classtype:trojan-activity;sid:84153190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290089)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.33.231.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290089/; classtype:trojan-activity;sid:84153189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290088)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.33.229.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290088/; classtype:trojan-activity;sid:84153188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290087)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.33.231.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290087/; classtype:trojan-activity;sid:84153187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290086)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.115.131.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290086/; classtype:trojan-activity;sid:84153186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290085)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.33.231.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290085/; classtype:trojan-activity;sid:84153185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290084)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"221.222.173.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290084/; classtype:trojan-activity;sid:84153184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290083)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.33.229.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290083/; classtype:trojan-activity;sid:84153183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290082)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.33.229.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290082/; classtype:trojan-activity;sid:84153182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290081)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.222.173.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290081/; classtype:trojan-activity;sid:84153181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290080)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"221.222.173.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290080/; classtype:trojan-activity;sid:84153180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290079)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.115.131.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290079/; classtype:trojan-activity;sid:84153179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290077)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.30.202.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290077/; classtype:trojan-activity;sid:84153177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290078)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.202.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290078/; classtype:trojan-activity;sid:84153178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290076)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.202.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290076/; classtype:trojan-activity;sid:84153176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290075)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"183.30.202.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290075/; classtype:trojan-activity;sid:84153175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290073)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.58.200.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290073/; classtype:trojan-activity;sid:84153173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290074)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.242.241.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290074/; classtype:trojan-activity;sid:84153174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290069)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vps-d21ef853.vps.ovh.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290069/; classtype:trojan-activity;sid:84153169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290070)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.178.190.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290070/; classtype:trojan-activity;sid:84153170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290071)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vps-d21ef853.vps.ovh.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290071/; classtype:trojan-activity;sid:84153171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290072)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.178.190.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290072/; classtype:trojan-activity;sid:84153172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290068)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.75.142.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290068/; classtype:trojan-activity;sid:84153168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290066)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290066/; classtype:trojan-activity;sid:84153166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290067)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vmi2145130.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290067/; classtype:trojan-activity;sid:84153167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290063)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.30.204.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290063/; classtype:trojan-activity;sid:84153163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290064)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.206.52.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290064/; classtype:trojan-activity;sid:84153164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290065)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.206.52.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290065/; classtype:trojan-activity;sid:84153165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290062)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.242.241.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290062/; classtype:trojan-activity;sid:84153162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290061)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290061/; classtype:trojan-activity;sid:84153161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290060)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.206.52.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290060/; classtype:trojan-activity;sid:84153160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290058)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290058/; classtype:trojan-activity;sid:84153158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290059)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"51.75.142.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290059/; classtype:trojan-activity;sid:84153159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290055)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.30.204.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290055/; classtype:trojan-activity;sid:84153155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290056)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vps-d21ef853.vps.ovh.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290056/; classtype:trojan-activity;sid:84153156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290057)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290057/; classtype:trojan-activity;sid:84153157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290051)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vmi2145130.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290051/; classtype:trojan-activity;sid:84153151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290052)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.190.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290052/; classtype:trojan-activity;sid:84153152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290053)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"59.58.200.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290053/; classtype:trojan-activity;sid:84153153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290054)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"59.58.200.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290054/; classtype:trojan-activity;sid:84153154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290050)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.75.142.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290050/; classtype:trojan-activity;sid:84153150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290049)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vmi2145130.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290049/; classtype:trojan-activity;sid:84153149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290048)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.242.241.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290048/; classtype:trojan-activity;sid:84153148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.215.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290047/; classtype:trojan-activity;sid:84153147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.21.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290046/; classtype:trojan-activity;sid:84153146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.100.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290045/; classtype:trojan-activity;sid:84153145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.110.41.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290044/; classtype:trojan-activity;sid:84153144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.164.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290043/; classtype:trojan-activity;sid:84153143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.10.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290042/; classtype:trojan-activity;sid:84153142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.249.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290041/; classtype:trojan-activity;sid:84153141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.88.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290040/; classtype:trojan-activity;sid:84153140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.163.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290039/; classtype:trojan-activity;sid:84153139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.182.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290038/; classtype:trojan-activity;sid:84153138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.68.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290037/; classtype:trojan-activity;sid:84153137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.27.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290030/; classtype:trojan-activity;sid:84153130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290029/; classtype:trojan-activity;sid:84153129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.163.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290028/; classtype:trojan-activity;sid:84153128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.90.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290027/; classtype:trojan-activity;sid:84153127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290026)"; flow:established,from_client; content:"GET"; http_method; content:"/old/iwir64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.125.66.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290026/; classtype:trojan-activity;sid:84153126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.245.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290024/; classtype:trojan-activity;sid:84153124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.187.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290025/; classtype:trojan-activity;sid:84153125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.89.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290023/; classtype:trojan-activity;sid:84153123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.229.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290022/; classtype:trojan-activity;sid:84153122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.229.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290020/; classtype:trojan-activity;sid:84153120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.244.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290021/; classtype:trojan-activity;sid:84153121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.238.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290018/; classtype:trojan-activity;sid:84153118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.182.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290019/; classtype:trojan-activity;sid:84153119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.27.36.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290017/; classtype:trojan-activity;sid:84153117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.16.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290015/; classtype:trojan-activity;sid:84153115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.88.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290016/; classtype:trojan-activity;sid:84153116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.215.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290014/; classtype:trojan-activity;sid:84153114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290013/; classtype:trojan-activity;sid:84153113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"187.86.183.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290012/; classtype:trojan-activity;sid:84153112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.19.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290011/; classtype:trojan-activity;sid:84153111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.120.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290010/; classtype:trojan-activity;sid:84153110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.146.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290009/; classtype:trojan-activity;sid:84153109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.252.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290008/; classtype:trojan-activity;sid:84153108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.66.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290006/; classtype:trojan-activity;sid:84153106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.81.151.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290007/; classtype:trojan-activity;sid:84153107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290005/; classtype:trojan-activity;sid:84153105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.2.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290004/; classtype:trojan-activity;sid:84153104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.89.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290003/; classtype:trojan-activity;sid:84153103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.120.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290002/; classtype:trojan-activity;sid:84153102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.36.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290001/; classtype:trojan-activity;sid:84153101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.187.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290000/; classtype:trojan-activity;sid:84153100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289999)"; flow:established,from_client; content:"GET"; http_method; content:"/obfuscated25.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.81.124.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289999/; classtype:trojan-activity;sid:84153099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.36.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289991/; classtype:trojan-activity;sid:84153091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.86.183.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289990/; classtype:trojan-activity;sid:84153090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.232.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289989/; classtype:trojan-activity;sid:84153089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.5.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289988/; classtype:trojan-activity;sid:84153088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.226.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289986/; classtype:trojan-activity;sid:84153086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.10.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289987/; classtype:trojan-activity;sid:84153087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.232.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289985/; classtype:trojan-activity;sid:84153085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.106.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289984/; classtype:trojan-activity;sid:84153084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.202.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289983/; classtype:trojan-activity;sid:84153083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289982/; classtype:trojan-activity;sid:84153082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289981)"; flow:established,from_client; content:"GET"; http_method; content:"/svvgtbyunyfyhvrtctyujkdsgggvthbyb.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"104.243.37.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289981/; classtype:trojan-activity;sid:84153081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289980)"; flow:established,from_client; content:"GET"; http_method; content:"/tt001010100100101000100010111010010101000101.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"104.243.37.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289980/; classtype:trojan-activity;sid:84153080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289979)"; flow:established,from_client; content:"GET"; http_method; content:"/ergrbcgvwefeycdfr.jpg"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.243.37.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289979/; classtype:trojan-activity;sid:84153079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289978)"; flow:established,from_client; content:"GET"; http_method; content:"/g5bbapvsvpgnwnvhfgsf.jpg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"104.243.37.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289978/; classtype:trojan-activity;sid:84153078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.8.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289977/; classtype:trojan-activity;sid:84153077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.30.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289976/; classtype:trojan-activity;sid:84153076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.94.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289975/; classtype:trojan-activity;sid:84153075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.161.75.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289974/; classtype:trojan-activity;sid:84153074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.131.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289973/; classtype:trojan-activity;sid:84153073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.37.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289972/; classtype:trojan-activity;sid:84153072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.84.95.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289971/; classtype:trojan-activity;sid:84153071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.215.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289970/; classtype:trojan-activity;sid:84153070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.245.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289969/; classtype:trojan-activity;sid:84153069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.224.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289968/; classtype:trojan-activity;sid:84153068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.93.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289967/; classtype:trojan-activity;sid:84153067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.105.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289966/; classtype:trojan-activity;sid:84153066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.72.71.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289965/; classtype:trojan-activity;sid:84153065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.119.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289964/; classtype:trojan-activity;sid:84153064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.30.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289963/; classtype:trojan-activity;sid:84153063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289962/; classtype:trojan-activity;sid:84153062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.8.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289961/; classtype:trojan-activity;sid:84153061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.94.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289960/; classtype:trojan-activity;sid:84153060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289959/; classtype:trojan-activity;sid:84153059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.160.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289958/; classtype:trojan-activity;sid:84153058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.11.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289957/; classtype:trojan-activity;sid:84153057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.116.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289956/; classtype:trojan-activity;sid:84153056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289954/; classtype:trojan-activity;sid:84153054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.15.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289955/; classtype:trojan-activity;sid:84153055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.203.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289952/; classtype:trojan-activity;sid:84153052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.209.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289953/; classtype:trojan-activity;sid:84153053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.138.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289951/; classtype:trojan-activity;sid:84153051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289950)"; flow:established,from_client; content:"GET"; http_method; content:"/d/gc9rl/0"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289950/; classtype:trojan-activity;sid:84153050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.20.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289948/; classtype:trojan-activity;sid:84153048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289949)"; flow:established,from_client; content:"GET"; http_method; content:"/txt/xxdquuorm1vd3an.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.84.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289949/; classtype:trojan-activity;sid:84153049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.152.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289947/; classtype:trojan-activity;sid:84153047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.128.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289946/; classtype:trojan-activity;sid:84153046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289945/; classtype:trojan-activity;sid:84153045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.249.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289944/; classtype:trojan-activity;sid:84153044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.228.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289943/; classtype:trojan-activity;sid:84153043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.123.238.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289942/; classtype:trojan-activity;sid:84153042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.225.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289941/; classtype:trojan-activity;sid:84153041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.250.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289940/; classtype:trojan-activity;sid:84153040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.165.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289938/; classtype:trojan-activity;sid:84153038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.117.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289939/; classtype:trojan-activity;sid:84153039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.75.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289937/; classtype:trojan-activity;sid:84153037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289936/; classtype:trojan-activity;sid:84153036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.217.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289935/; classtype:trojan-activity;sid:84153035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.31.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289932/; classtype:trojan-activity;sid:84153032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289933)"; flow:established,from_client; content:"GET"; http_method; content:"/spoof.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.112.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289933/; classtype:trojan-activity;sid:84153033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289934)"; flow:established,from_client; content:"GET"; http_method; content:"/injector.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.233.112.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289934/; classtype:trojan-activity;sid:84153034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289931)"; flow:established,from_client; content:"GET"; http_method; content:"/infopage/tbh75.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"147.45.44.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289931/; classtype:trojan-activity;sid:84153031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.203.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289929/; classtype:trojan-activity;sid:84153029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.229.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289930/; classtype:trojan-activity;sid:84153030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.182.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289928/; classtype:trojan-activity;sid:84153028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.200.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289927/; classtype:trojan-activity;sid:84153027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.165.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289926/; classtype:trojan-activity;sid:84153026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.209.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289925/; classtype:trojan-activity;sid:84153025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.29.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289923/; classtype:trojan-activity;sid:84153023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289924)"; flow:established,from_client; content:"GET"; http_method; content:"/hgzyyfcbupqbjoakn230.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"104.168.32.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289924/; classtype:trojan-activity;sid:84153024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289921)"; flow:established,from_client; content:"GET"; http_method; content:"/xmxdjzpgdtjvvtskbp182.bin"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"93.123.109.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289921/; classtype:trojan-activity;sid:84153021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289922)"; flow:established,from_client; content:"GET"; http_method; content:"/aqffltju37.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.109.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289922/; classtype:trojan-activity;sid:84153022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.152.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289920/; classtype:trojan-activity;sid:84153020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.229.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289919/; classtype:trojan-activity;sid:84153019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.75.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289918/; classtype:trojan-activity;sid:84153018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.223.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289917/; classtype:trojan-activity;sid:84153017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.143.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289916/; classtype:trojan-activity;sid:84153016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.20.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289914/; classtype:trojan-activity;sid:84153014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.183.165.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289915/; classtype:trojan-activity;sid:84153015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289913/; classtype:trojan-activity;sid:84153013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.186.52.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289911/; classtype:trojan-activity;sid:84153011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.205.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289912/; classtype:trojan-activity;sid:84153012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.229.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289909/; classtype:trojan-activity;sid:84153009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289910/; classtype:trojan-activity;sid:84153010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.44.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289908/; classtype:trojan-activity;sid:84153008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.50.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289907/; classtype:trojan-activity;sid:84153007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.76.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289906/; classtype:trojan-activity;sid:84153006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.253.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289905/; classtype:trojan-activity;sid:84153005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.200.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289904/; classtype:trojan-activity;sid:84153004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289903)"; flow:established,from_client; content:"GET"; http_method; content:"/op/op.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cdn.download.pdfforge.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289903/; classtype:trojan-activity;sid:84153003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289902)"; flow:established,from_client; content:"GET"; http_method; content:"/6.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"124.71.194.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289902/; classtype:trojan-activity;sid:84153002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289901)"; flow:established,from_client; content:"GET"; http_method; content:"/8bed3cs/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"193.106.191.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289901/; classtype:trojan-activity;sid:84153001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289897)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qehwy7iyzbzplalfb_6h10ctyxnqoxq0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289897/; classtype:trojan-activity;sid:84152997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289898)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uf-tznozeokhrztjvfoxmsfd1xiha_pk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289898/; classtype:trojan-activity;sid:84152998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289899)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=16wv9mnfwgo7cxzipnwtatuc7uifjxjyk|7c|26|7c|export=download|7c|26|7c|authuser=0"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289899/; classtype:trojan-activity;sid:84152999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.9.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289900/; classtype:trojan-activity;sid:84153000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289894)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=16xisquley2kqy-0gjdmpw9g6mkdfelsv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289894/; classtype:trojan-activity;sid:84152994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289895)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1eomyykn5uhcvtt3rus5vqjin7web-e1q"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289895/; classtype:trojan-activity;sid:84152995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289896)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wc6il7hv9_f2kycpkcltgk89oqzy6nl4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289896/; classtype:trojan-activity;sid:84152996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.103.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289893/; classtype:trojan-activity;sid:84152993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.56.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289892/; classtype:trojan-activity;sid:84152992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.229.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289891/; classtype:trojan-activity;sid:84152991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289890/; classtype:trojan-activity;sid:84152990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.25.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289889/; classtype:trojan-activity;sid:84152989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.148.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289888/; classtype:trojan-activity;sid:84152988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.4.120"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289887/; classtype:trojan-activity;sid:84152987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.228.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289886/; classtype:trojan-activity;sid:84152986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.80.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289885/; classtype:trojan-activity;sid:84152985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.69.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289884/; classtype:trojan-activity;sid:84152984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.89.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289882/; classtype:trojan-activity;sid:84152982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.86.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289883/; classtype:trojan-activity;sid:84152983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.154.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289881/; classtype:trojan-activity;sid:84152981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.160.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289880/; classtype:trojan-activity;sid:84152980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.126.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289879/; classtype:trojan-activity;sid:84152979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.14.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289878/; classtype:trojan-activity;sid:84152978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.183.165.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289877/; classtype:trojan-activity;sid:84152977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.80.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289876/; classtype:trojan-activity;sid:84152976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289875)"; flow:established,from_client; content:"GET"; http_method; content:"/r00ts3c/ddos-rootsec/refs/heads/master/ddos%20scripts/l4/udp/10gbpsudp.py"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289875/; classtype:trojan-activity;sid:84152975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.41.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289874/; classtype:trojan-activity;sid:84152974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.50.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289873/; classtype:trojan-activity;sid:84152973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289872/; classtype:trojan-activity;sid:84152972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.223.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289871/; classtype:trojan-activity;sid:84152971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.103.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289870/; classtype:trojan-activity;sid:84152970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.64.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289869/; classtype:trojan-activity;sid:84152969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.213.69.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289868/; classtype:trojan-activity;sid:84152968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.13.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289867/; classtype:trojan-activity;sid:84152967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289866/; classtype:trojan-activity;sid:84152966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.198.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289865/; classtype:trojan-activity;sid:84152965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.101.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289864/; classtype:trojan-activity;sid:84152964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.250.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289863/; classtype:trojan-activity;sid:84152963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.39.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289861/; classtype:trojan-activity;sid:84152961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.240.18.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289862/; classtype:trojan-activity;sid:84152962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.102.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289860/; classtype:trojan-activity;sid:84152960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.18.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289859/; classtype:trojan-activity;sid:84152959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.240.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289858/; classtype:trojan-activity;sid:84152958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289857/; classtype:trojan-activity;sid:84152957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.14.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289856/; classtype:trojan-activity;sid:84152956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.251.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289855/; classtype:trojan-activity;sid:84152955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.219.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289853/; classtype:trojan-activity;sid:84152953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.211.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289854/; classtype:trojan-activity;sid:84152954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.20.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289852/; classtype:trojan-activity;sid:84152952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.218.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289851/; classtype:trojan-activity;sid:84152951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.150.75.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289850/; classtype:trojan-activity;sid:84152950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.23.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289849/; classtype:trojan-activity;sid:84152949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.223.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289847/; classtype:trojan-activity;sid:84152947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.9.101"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289848/; classtype:trojan-activity;sid:84152948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.205.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289846/; classtype:trojan-activity;sid:84152946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.198.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289845/; classtype:trojan-activity;sid:84152945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.245.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289844/; classtype:trojan-activity;sid:84152944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.217.95.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289843/; classtype:trojan-activity;sid:84152943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289842/; classtype:trojan-activity;sid:84152942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.34.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289841/; classtype:trojan-activity;sid:84152941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.161.75.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289840/; classtype:trojan-activity;sid:84152940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.218.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289839/; classtype:trojan-activity;sid:84152939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.179.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289838/; classtype:trojan-activity;sid:84152938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.20.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289837/; classtype:trojan-activity;sid:84152937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.117.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289836/; classtype:trojan-activity;sid:84152936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.250.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289835/; classtype:trojan-activity;sid:84152935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.67.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289834/; classtype:trojan-activity;sid:84152934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.42.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289833/; classtype:trojan-activity;sid:84152933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.175.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289832/; classtype:trojan-activity;sid:84152932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.85.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289830/; classtype:trojan-activity;sid:84152930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.34.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289831/; classtype:trojan-activity;sid:84152931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.64.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289829/; classtype:trojan-activity;sid:84152929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.18.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289828/; classtype:trojan-activity;sid:84152928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.139.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289827/; classtype:trojan-activity;sid:84152927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.245.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289826/; classtype:trojan-activity;sid:84152926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.208.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289825/; classtype:trojan-activity;sid:84152925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.196.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289824/; classtype:trojan-activity;sid:84152924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.122.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289823/; classtype:trojan-activity;sid:84152923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.100.174.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289822/; classtype:trojan-activity;sid:84152922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289821/; classtype:trojan-activity;sid:84152921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.212.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289820/; classtype:trojan-activity;sid:84152920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.58.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289818/; classtype:trojan-activity;sid:84152918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289819/; classtype:trojan-activity;sid:84152919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.230.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289817/; classtype:trojan-activity;sid:84152917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.23.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289815/; classtype:trojan-activity;sid:84152915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.77.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289816/; classtype:trojan-activity;sid:84152916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.189.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289814/; classtype:trojan-activity;sid:84152914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.159.71.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289813/; classtype:trojan-activity;sid:84152913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.67.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289812/; classtype:trojan-activity;sid:84152912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.187.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289811/; classtype:trojan-activity;sid:84152911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.246.69.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289810/; classtype:trojan-activity;sid:84152910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.61.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289809/; classtype:trojan-activity;sid:84152909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.161.75.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289808/; classtype:trojan-activity;sid:84152908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.229.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289806/; classtype:trojan-activity;sid:84152906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.186.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289807/; classtype:trojan-activity;sid:84152907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.1.242"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289805/; classtype:trojan-activity;sid:84152905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.236.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289804/; classtype:trojan-activity;sid:84152904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.23.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289803/; classtype:trojan-activity;sid:84152903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.30.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289802/; classtype:trojan-activity;sid:84152902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.247.66.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289801/; classtype:trojan-activity;sid:84152901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289800/; classtype:trojan-activity;sid:84152900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.122.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289799/; classtype:trojan-activity;sid:84152899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.230.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289798/; classtype:trojan-activity;sid:84152898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.87.59"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289797/; classtype:trojan-activity;sid:84152897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.49.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289796/; classtype:trojan-activity;sid:84152896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.212.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289795/; classtype:trojan-activity;sid:84152895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.77.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289793/; classtype:trojan-activity;sid:84152893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.148.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289794/; classtype:trojan-activity;sid:84152894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.224.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289792/; classtype:trojan-activity;sid:84152892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289791/; classtype:trojan-activity;sid:84152891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289790/; classtype:trojan-activity;sid:84152890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.158.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289789/; classtype:trojan-activity;sid:84152889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.189.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289788/; classtype:trojan-activity;sid:84152888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.8.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289787/; classtype:trojan-activity;sid:84152887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.219.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289786/; classtype:trojan-activity;sid:84152886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.159.71.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289785/; classtype:trojan-activity;sid:84152885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.99.147"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289784/; classtype:trojan-activity;sid:84152884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.236.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289783/; classtype:trojan-activity;sid:84152883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.77.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289782/; classtype:trojan-activity;sid:84152882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.122.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289781/; classtype:trojan-activity;sid:84152881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.154.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289780/; classtype:trojan-activity;sid:84152880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.109.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289779/; classtype:trojan-activity;sid:84152879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.126.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289778/; classtype:trojan-activity;sid:84152878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.149.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289777/; classtype:trojan-activity;sid:84152877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.186.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289775/; classtype:trojan-activity;sid:84152875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.235.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289776/; classtype:trojan-activity;sid:84152876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289774)"; flow:established,from_client; content:"GET"; http_method; content:"/files/babababa.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289774/; classtype:trojan-activity;sid:84152874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289773)"; flow:established,from_client; content:"GET"; http_method; content:"/abcd/09.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"quit.do.am"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289773/; classtype:trojan-activity;sid:84152873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289772)"; flow:established,from_client; content:"GET"; http_method; content:"/files/lum250.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289772/; classtype:trojan-activity;sid:84152872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.141.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289771/; classtype:trojan-activity;sid:84152871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289770/; classtype:trojan-activity;sid:84152870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.66.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289769/; classtype:trojan-activity;sid:84152869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289768/; classtype:trojan-activity;sid:84152868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.181.237.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289767/; classtype:trojan-activity;sid:84152867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.140.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289765/; classtype:trojan-activity;sid:84152865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.158.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289766/; classtype:trojan-activity;sid:84152866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.8.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289764/; classtype:trojan-activity;sid:84152864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.41.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289763/; classtype:trojan-activity;sid:84152863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289762/; classtype:trojan-activity;sid:84152862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.77.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289761/; classtype:trojan-activity;sid:84152861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.70.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289760/; classtype:trojan-activity;sid:84152860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.229.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289759/; classtype:trojan-activity;sid:84152859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289756)"; flow:established,from_client; content:"GET"; http_method; content:"/qkbfi86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289756/; classtype:trojan-activity;sid:84152856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.3.55.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289757/; classtype:trojan-activity;sid:84152857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.81.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289758/; classtype:trojan-activity;sid:84152858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.13.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289755/; classtype:trojan-activity;sid:84152855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.215.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289754/; classtype:trojan-activity;sid:84152854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.218.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289753/; classtype:trojan-activity;sid:84152853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.227.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289752/; classtype:trojan-activity;sid:84152852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.34.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289751/; classtype:trojan-activity;sid:84152851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.177.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289748/; classtype:trojan-activity;sid:84152848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.71.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289749/; classtype:trojan-activity;sid:84152849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.88.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289750/; classtype:trojan-activity;sid:84152850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.110.15.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289744/; classtype:trojan-activity;sid:84152844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.82.227.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289745/; classtype:trojan-activity;sid:84152845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.226.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289746/; classtype:trojan-activity;sid:84152846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.122.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289747/; classtype:trojan-activity;sid:84152847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.14.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289742/; classtype:trojan-activity;sid:84152842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.9.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289743/; classtype:trojan-activity;sid:84152843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.13.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289741/; classtype:trojan-activity;sid:84152841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.197.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289740/; classtype:trojan-activity;sid:84152840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.94.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289739/; classtype:trojan-activity;sid:84152839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.27.199.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289738/; classtype:trojan-activity;sid:84152838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.13.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289737/; classtype:trojan-activity;sid:84152837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.236.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289736/; classtype:trojan-activity;sid:84152836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.41.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289735/; classtype:trojan-activity;sid:84152835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.251.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289734/; classtype:trojan-activity;sid:84152834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.62.3.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289732/; classtype:trojan-activity;sid:84152832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.44.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289733/; classtype:trojan-activity;sid:84152833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.210.224.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289731/; classtype:trojan-activity;sid:84152831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.99.147"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289730/; classtype:trojan-activity;sid:84152830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289729/; classtype:trojan-activity;sid:84152829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.3.55.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289728/; classtype:trojan-activity;sid:84152828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.65.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289725/; classtype:trojan-activity;sid:84152825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.150.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289726/; classtype:trojan-activity;sid:84152826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.32.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289727/; classtype:trojan-activity;sid:84152827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.112.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289724/; classtype:trojan-activity;sid:84152824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.34.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289723/; classtype:trojan-activity;sid:84152823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.227.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289722/; classtype:trojan-activity;sid:84152822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.70.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289721/; classtype:trojan-activity;sid:84152821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.83.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289720/; classtype:trojan-activity;sid:84152820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.110.15.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289719/; classtype:trojan-activity;sid:84152819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289718/; classtype:trojan-activity;sid:84152818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.199.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289717/; classtype:trojan-activity;sid:84152817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.39.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289716/; classtype:trojan-activity;sid:84152816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.2.198"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289715/; classtype:trojan-activity;sid:84152815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.0.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289714/; classtype:trojan-activity;sid:84152814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.79.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289713/; classtype:trojan-activity;sid:84152813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.173.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289712/; classtype:trojan-activity;sid:84152812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.110.3.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289711/; classtype:trojan-activity;sid:84152811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.230.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289710/; classtype:trojan-activity;sid:84152810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.9.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289709/; classtype:trojan-activity;sid:84152809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.185.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289707/; classtype:trojan-activity;sid:84152807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.215.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289708/; classtype:trojan-activity;sid:84152808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.126.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289706/; classtype:trojan-activity;sid:84152806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.84.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289705/; classtype:trojan-activity;sid:84152805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.32.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289704/; classtype:trojan-activity;sid:84152804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.251.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289703/; classtype:trojan-activity;sid:84152803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.27.37.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289702/; classtype:trojan-activity;sid:84152802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.0.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289701/; classtype:trojan-activity;sid:84152801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289699/; classtype:trojan-activity;sid:84152799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.159.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289700/; classtype:trojan-activity;sid:84152800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.235.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289698/; classtype:trojan-activity;sid:84152798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.77.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289697/; classtype:trojan-activity;sid:84152797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.215.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289696/; classtype:trojan-activity;sid:84152796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.150.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289695/; classtype:trojan-activity;sid:84152795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.200.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289694/; classtype:trojan-activity;sid:84152794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.65.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289693/; classtype:trojan-activity;sid:84152793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.103.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289692/; classtype:trojan-activity;sid:84152792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.245.2.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289691/; classtype:trojan-activity;sid:84152791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.75.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289690/; classtype:trojan-activity;sid:84152790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.121.3.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289689/; classtype:trojan-activity;sid:84152789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.39.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289686/; classtype:trojan-activity;sid:84152786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.235.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289687/; classtype:trojan-activity;sid:84152787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.122.112.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289688/; classtype:trojan-activity;sid:84152788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.212.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289685/; classtype:trojan-activity;sid:84152785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.185.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289683/; classtype:trojan-activity;sid:84152783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.40.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289684/; classtype:trojan-activity;sid:84152784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.173.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289682/; classtype:trojan-activity;sid:84152782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.159.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289681/; classtype:trojan-activity;sid:84152781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.215.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289680/; classtype:trojan-activity;sid:84152780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.228.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289679/; classtype:trojan-activity;sid:84152779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.84.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289678/; classtype:trojan-activity;sid:84152778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.37.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289677/; classtype:trojan-activity;sid:84152777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.98.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289676/; classtype:trojan-activity;sid:84152776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289675)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dwqjh.cloudid.teacherhamish.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289675/; classtype:trojan-activity;sid:84152775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.233.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289672/; classtype:trojan-activity;sid:84152772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.111.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289673/; classtype:trojan-activity;sid:84152773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289674/; classtype:trojan-activity;sid:84152774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.218.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289671/; classtype:trojan-activity;sid:84152771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289670/; classtype:trojan-activity;sid:84152770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.215.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289669/; classtype:trojan-activity;sid:84152769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.122.112.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289668/; classtype:trojan-activity;sid:84152768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.239.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289667/; classtype:trojan-activity;sid:84152767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.176.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289666/; classtype:trojan-activity;sid:84152766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.154.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289665/; classtype:trojan-activity;sid:84152765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.131.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289663/; classtype:trojan-activity;sid:84152763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.142.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289664/; classtype:trojan-activity;sid:84152764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.160.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289662/; classtype:trojan-activity;sid:84152762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.193.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289661/; classtype:trojan-activity;sid:84152761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.216.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289660/; classtype:trojan-activity;sid:84152760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.100.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289659/; classtype:trojan-activity;sid:84152759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.160.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289658/; classtype:trojan-activity;sid:84152758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.86.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289657/; classtype:trojan-activity;sid:84152757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.160.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289656/; classtype:trojan-activity;sid:84152756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.137.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289655/; classtype:trojan-activity;sid:84152755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.50.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289654/; classtype:trojan-activity;sid:84152754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.10.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289653/; classtype:trojan-activity;sid:84152753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.182.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289652/; classtype:trojan-activity;sid:84152752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.21.174.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289651/; classtype:trojan-activity;sid:84152751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.155.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289650/; classtype:trojan-activity;sid:84152750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.170.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289649/; classtype:trojan-activity;sid:84152749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289648/; classtype:trojan-activity;sid:84152748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.113.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289646/; classtype:trojan-activity;sid:84152746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.219.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289647/; classtype:trojan-activity;sid:84152747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.52.140.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289645/; classtype:trojan-activity;sid:84152745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.155.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289644/; classtype:trojan-activity;sid:84152744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.154.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289643/; classtype:trojan-activity;sid:84152743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.193.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289642/; classtype:trojan-activity;sid:84152742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.44.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289641/; classtype:trojan-activity;sid:84152741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.31.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289640/; classtype:trojan-activity;sid:84152740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.210.190.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289639/; classtype:trojan-activity;sid:84152739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.76.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289638/; classtype:trojan-activity;sid:84152738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.236.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289636/; classtype:trojan-activity;sid:84152736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.119.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289637/; classtype:trojan-activity;sid:84152737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.161.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289635/; classtype:trojan-activity;sid:84152735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.155.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289634/; classtype:trojan-activity;sid:84152734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.9.125"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289633/; classtype:trojan-activity;sid:84152733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.50.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289632/; classtype:trojan-activity;sid:84152732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.167.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289631/; classtype:trojan-activity;sid:84152731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.119.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289630/; classtype:trojan-activity;sid:84152730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.16.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289628/; classtype:trojan-activity;sid:84152728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.137.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289629/; classtype:trojan-activity;sid:84152729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.182.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289627/; classtype:trojan-activity;sid:84152727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.155.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289626/; classtype:trojan-activity;sid:84152726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.3.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289625/; classtype:trojan-activity;sid:84152725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.100.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289624/; classtype:trojan-activity;sid:84152724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.113.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289623/; classtype:trojan-activity;sid:84152723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.58.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289622/; classtype:trojan-activity;sid:84152722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.52.140.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289621/; classtype:trojan-activity;sid:84152721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.44.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289620/; classtype:trojan-activity;sid:84152720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.254.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289618/; classtype:trojan-activity;sid:84152718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.107.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289619/; classtype:trojan-activity;sid:84152719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.32.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289617/; classtype:trojan-activity;sid:84152717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.198.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289616/; classtype:trojan-activity;sid:84152716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289615/; classtype:trojan-activity;sid:84152715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.180.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289614/; classtype:trojan-activity;sid:84152714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.16.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289613/; classtype:trojan-activity;sid:84152713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.206.18.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289612/; classtype:trojan-activity;sid:84152712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289611)"; flow:established,from_client; content:"GET"; http_method; content:"/1.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fish.hackbiji.cc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289611/; classtype:trojan-activity;sid:84152711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.210.190.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289610/; classtype:trojan-activity;sid:84152710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.31.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289609/; classtype:trojan-activity;sid:84152709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.174.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289608/; classtype:trojan-activity;sid:84152708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.64.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289607/; classtype:trojan-activity;sid:84152707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.167.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289606/; classtype:trojan-activity;sid:84152706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.206.18.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289605/; classtype:trojan-activity;sid:84152705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.242.106.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289604/; classtype:trojan-activity;sid:84152704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.1.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289603/; classtype:trojan-activity;sid:84152703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.254.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289602/; classtype:trojan-activity;sid:84152702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.176.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289601/; classtype:trojan-activity;sid:84152701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289600)"; flow:established,from_client; content:"GET"; http_method; content:"/9eeb21db68649b6f/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"154.216.20.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289600/; classtype:trojan-activity;sid:84152700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289599)"; flow:established,from_client; content:"GET"; http_method; content:"/4f21fd58a5ca1e4b/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.235.128.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289599/; classtype:trojan-activity;sid:84152699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289597)"; flow:established,from_client; content:"GET"; http_method; content:"/9eeb21db68649b6f/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"154.216.20.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289597/; classtype:trojan-activity;sid:84152697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289598)"; flow:established,from_client; content:"GET"; http_method; content:"/9eeb21db68649b6f/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"154.216.20.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289598/; classtype:trojan-activity;sid:84152698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289595)"; flow:established,from_client; content:"GET"; http_method; content:"/4700d1fcc2917f37/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"193.138.195.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289595/; classtype:trojan-activity;sid:84152695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289596)"; flow:established,from_client; content:"GET"; http_method; content:"/4700d1fcc2917f37/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"193.138.195.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289596/; classtype:trojan-activity;sid:84152696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.90.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289594/; classtype:trojan-activity;sid:84152694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.3.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289592/; classtype:trojan-activity;sid:84152692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.225.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289593/; classtype:trojan-activity;sid:84152693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.91.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289591/; classtype:trojan-activity;sid:84152691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.198.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289590/; classtype:trojan-activity;sid:84152690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.117.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289589/; classtype:trojan-activity;sid:84152689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289588)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/lma.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289588/; classtype:trojan-activity;sid:84152688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289584)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ad/dll.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289584/; classtype:trojan-activity;sid:84152684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289585)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ab/f3dll.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289585/; classtype:trojan-activity;sid:84152685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289586)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ac/f3dll.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289586/; classtype:trojan-activity;sid:84152686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289587)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/ds5.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289587/; classtype:trojan-activity;sid:84152687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289583)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ar/f3dll.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289583/; classtype:trojan-activity;sid:84152683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.35.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289582/; classtype:trojan-activity;sid:84152682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.107.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289581/; classtype:trojan-activity;sid:84152681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.114.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289580/; classtype:trojan-activity;sid:84152680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.58.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289579/; classtype:trojan-activity;sid:84152679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.180.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289578/; classtype:trojan-activity;sid:84152678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.128.155.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289577/; classtype:trojan-activity;sid:84152677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.5.12"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289576/; classtype:trojan-activity;sid:84152676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.197.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289575/; classtype:trojan-activity;sid:84152675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.175.153.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289574/; classtype:trojan-activity;sid:84152674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.225.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289573/; classtype:trojan-activity;sid:84152673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289571)"; flow:established,from_client; content:"GET"; http_method; content:"/beefy.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289571/; classtype:trojan-activity;sid:84152671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289572)"; flow:established,from_client; content:"GET"; http_method; content:"/solandra.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289572/; classtype:trojan-activity;sid:84152672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.247.208.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289570/; classtype:trojan-activity;sid:84152670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.56.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289569/; classtype:trojan-activity;sid:84152669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.16.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289568/; classtype:trojan-activity;sid:84152668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.8.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289567/; classtype:trojan-activity;sid:84152667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.194.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289566/; classtype:trojan-activity;sid:84152666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.51.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289565/; classtype:trojan-activity;sid:84152665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.68.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289564/; classtype:trojan-activity;sid:84152664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.27.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289563/; classtype:trojan-activity;sid:84152663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.200.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289562/; classtype:trojan-activity;sid:84152662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.37.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289561/; classtype:trojan-activity;sid:84152661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.6.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289560/; classtype:trojan-activity;sid:84152660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.242.106.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289559/; classtype:trojan-activity;sid:84152659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.91.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289558/; classtype:trojan-activity;sid:84152658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.197.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289557/; classtype:trojan-activity;sid:84152657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.218.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289556/; classtype:trojan-activity;sid:84152656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.35.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289555/; classtype:trojan-activity;sid:84152655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.167.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289554/; classtype:trojan-activity;sid:84152654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.222.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289553/; classtype:trojan-activity;sid:84152653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.173.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289552/; classtype:trojan-activity;sid:84152652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.66.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289551/; classtype:trojan-activity;sid:84152651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.35.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289550/; classtype:trojan-activity;sid:84152650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.128.155.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289548/; classtype:trojan-activity;sid:84152648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.240.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289549/; classtype:trojan-activity;sid:84152649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.225.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289547/; classtype:trojan-activity;sid:84152647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.208.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289546/; classtype:trojan-activity;sid:84152646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.56.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289545/; classtype:trojan-activity;sid:84152645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.113.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289544/; classtype:trojan-activity;sid:84152644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.21.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289543/; classtype:trojan-activity;sid:84152643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.215.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289542/; classtype:trojan-activity;sid:84152642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.27.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289541/; classtype:trojan-activity;sid:84152641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289538)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/fjmraai.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289538/; classtype:trojan-activity;sid:84152638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289539)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/pfmrnfd.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289539/; classtype:trojan-activity;sid:84152639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289540)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/rmkrihk.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289540/; classtype:trojan-activity;sid:84152640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289536)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/ifdjbdg.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289536/; classtype:trojan-activity;sid:84152636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289537)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/ndkpcdi.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289537/; classtype:trojan-activity;sid:84152637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289534)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/akdijfa.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289534/; classtype:trojan-activity;sid:84152634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289535)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/jidbadp.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289535/; classtype:trojan-activity;sid:84152635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.6.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289533/; classtype:trojan-activity;sid:84152633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.27.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289532/; classtype:trojan-activity;sid:84152632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.204.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289531/; classtype:trojan-activity;sid:84152631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289530)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289530/; classtype:trojan-activity;sid:84152630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289529/; classtype:trojan-activity;sid:84152629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289527)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289527/; classtype:trojan-activity;sid:84152627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289528)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289528/; classtype:trojan-activity;sid:84152628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289514)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"panel.noxichosts.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289514/; classtype:trojan-activity;sid:84152614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289515)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"panel.noxichosts.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289515/; classtype:trojan-activity;sid:84152615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289516)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"panel.noxichosts.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289516/; classtype:trojan-activity;sid:84152616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289517)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"panel.noxichosts.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289517/; classtype:trojan-activity;sid:84152617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289518)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"panel.noxichosts.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289518/; classtype:trojan-activity;sid:84152618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289519)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"panel.noxichosts.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289519/; classtype:trojan-activity;sid:84152619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289520)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"panel.noxichosts.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289520/; classtype:trojan-activity;sid:84152620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289521)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"panel.noxichosts.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289521/; classtype:trojan-activity;sid:84152621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289522)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"panel.noxichosts.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289522/; classtype:trojan-activity;sid:84152622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289523)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"panel.noxichosts.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289523/; classtype:trojan-activity;sid:84152623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289524)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"panel.noxichosts.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289524/; classtype:trojan-activity;sid:84152624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289525)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"panel.noxichosts.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289525/; classtype:trojan-activity;sid:84152625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289526)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"panel.noxichosts.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289526/; classtype:trojan-activity;sid:84152626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289512)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"panel.noxichosts.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289512/; classtype:trojan-activity;sid:84152612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289513)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"panel.noxichosts.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289513/; classtype:trojan-activity;sid:84152613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289510)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289510/; classtype:trojan-activity;sid:84152610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289511)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289511/; classtype:trojan-activity;sid:84152611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289509)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"node.noxichosts.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289509/; classtype:trojan-activity;sid:84152609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289506)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289506/; classtype:trojan-activity;sid:84152606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289507)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289507/; classtype:trojan-activity;sid:84152607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289508)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289508/; classtype:trojan-activity;sid:84152608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.236.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289505/; classtype:trojan-activity;sid:84152605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289504)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"node.noxichosts.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289504/; classtype:trojan-activity;sid:84152604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289502)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"node.noxichosts.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289502/; classtype:trojan-activity;sid:84152602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289503)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289503/; classtype:trojan-activity;sid:84152603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289484)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"node.noxichosts.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289484/; classtype:trojan-activity;sid:84152584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289485)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289485/; classtype:trojan-activity;sid:84152585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289486)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289486/; classtype:trojan-activity;sid:84152586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289487)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289487/; classtype:trojan-activity;sid:84152587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289488)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"node.noxichosts.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289488/; classtype:trojan-activity;sid:84152588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289489)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"node.noxichosts.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289489/; classtype:trojan-activity;sid:84152589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289490)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"node.noxichosts.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289490/; classtype:trojan-activity;sid:84152590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289491)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289491/; classtype:trojan-activity;sid:84152591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289492)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"node.noxichosts.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289492/; classtype:trojan-activity;sid:84152592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289493)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289493/; classtype:trojan-activity;sid:84152593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289494)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"node.noxichosts.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289494/; classtype:trojan-activity;sid:84152594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289495)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"node.noxichosts.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289495/; classtype:trojan-activity;sid:84152595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289496)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"node.noxichosts.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289496/; classtype:trojan-activity;sid:84152596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289497)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"node.noxichosts.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289497/; classtype:trojan-activity;sid:84152597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289498)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"node.noxichosts.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289498/; classtype:trojan-activity;sid:84152598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289499)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"node.noxichosts.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289499/; classtype:trojan-activity;sid:84152599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289500)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"node.noxichosts.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289500/; classtype:trojan-activity;sid:84152600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289501)"; flow:established,from_client; content:"GET"; http_method; content:"/nice/satan.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289501/; classtype:trojan-activity;sid:84152601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.186.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289483/; classtype:trojan-activity;sid:84152583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.154.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289482/; classtype:trojan-activity;sid:84152582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.35.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289481/; classtype:trojan-activity;sid:84152581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.12.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289480/; classtype:trojan-activity;sid:84152580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.66.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289479/; classtype:trojan-activity;sid:84152579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.4.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289478/; classtype:trojan-activity;sid:84152578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289477)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289477/; classtype:trojan-activity;sid:84152577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.225.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289476/; classtype:trojan-activity;sid:84152576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.14.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289475/; classtype:trojan-activity;sid:84152575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289474/; classtype:trojan-activity;sid:84152574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.59.7.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289473/; classtype:trojan-activity;sid:84152573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.253.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289472/; classtype:trojan-activity;sid:84152572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.30.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289471/; classtype:trojan-activity;sid:84152571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.204.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289470/; classtype:trojan-activity;sid:84152570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.250.231.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289468/; classtype:trojan-activity;sid:84152568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.57.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289469/; classtype:trojan-activity;sid:84152569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.12.77.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289467/; classtype:trojan-activity;sid:84152567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.255.216.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289466/; classtype:trojan-activity;sid:84152566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.35.24.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289465/; classtype:trojan-activity;sid:84152565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.65.59.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289460/; classtype:trojan-activity;sid:84152560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289461/; classtype:trojan-activity;sid:84152561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.2.177.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289462/; classtype:trojan-activity;sid:84152562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.97.36.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289463/; classtype:trojan-activity;sid:84152563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.28.177.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289464/; classtype:trojan-activity;sid:84152564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.202.101.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289456/; classtype:trojan-activity;sid:84152556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.20.63.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289457/; classtype:trojan-activity;sid:84152557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.39.20.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289458/; classtype:trojan-activity;sid:84152558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.6.103.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289459/; classtype:trojan-activity;sid:84152559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.201.176.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289454/; classtype:trojan-activity;sid:84152554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.57.117.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289455/; classtype:trojan-activity;sid:84152555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.27.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289453/; classtype:trojan-activity;sid:84152553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.181.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289452/; classtype:trojan-activity;sid:84152552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289451)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.87.54.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289451/; classtype:trojan-activity;sid:84152551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289446)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.87.54.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289446/; classtype:trojan-activity;sid:84152546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289447)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.87.54.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289447/; classtype:trojan-activity;sid:84152547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289448)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.87.54.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289448/; classtype:trojan-activity;sid:84152548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289449)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.87.54.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289449/; classtype:trojan-activity;sid:84152549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289450)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.87.54.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289450/; classtype:trojan-activity;sid:84152550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289442)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.87.54.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289442/; classtype:trojan-activity;sid:84152542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289443)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.87.54.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289443/; classtype:trojan-activity;sid:84152543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289444)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.87.54.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289444/; classtype:trojan-activity;sid:84152544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289445)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.87.54.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289445/; classtype:trojan-activity;sid:84152545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.195.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289441/; classtype:trojan-activity;sid:84152541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.85.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289440/; classtype:trojan-activity;sid:84152540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.34.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289439/; classtype:trojan-activity;sid:84152539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.103.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289438/; classtype:trojan-activity;sid:84152538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.4.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289437/; classtype:trojan-activity;sid:84152537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.167.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289435/; classtype:trojan-activity;sid:84152535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.186.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289436/; classtype:trojan-activity;sid:84152536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.12.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289434/; classtype:trojan-activity;sid:84152534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.46.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289433/; classtype:trojan-activity;sid:84152533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.63.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289432/; classtype:trojan-activity;sid:84152532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.26.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289431/; classtype:trojan-activity;sid:84152531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.28.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289430/; classtype:trojan-activity;sid:84152530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.238.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289429/; classtype:trojan-activity;sid:84152529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.186.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289428/; classtype:trojan-activity;sid:84152528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.253.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289427/; classtype:trojan-activity;sid:84152527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.115.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289426/; classtype:trojan-activity;sid:84152526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.193.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289425/; classtype:trojan-activity;sid:84152525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.107.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289424/; classtype:trojan-activity;sid:84152524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.34.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289423/; classtype:trojan-activity;sid:84152523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.96.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289422/; classtype:trojan-activity;sid:84152522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.8.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289421/; classtype:trojan-activity;sid:84152521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289420/; classtype:trojan-activity;sid:84152520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.102.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289419/; classtype:trojan-activity;sid:84152519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.153.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289418/; classtype:trojan-activity;sid:84152518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289417/; classtype:trojan-activity;sid:84152517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.121.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289416/; classtype:trojan-activity;sid:84152516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.28.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289415/; classtype:trojan-activity;sid:84152515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.85.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289414/; classtype:trojan-activity;sid:84152514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289413/; classtype:trojan-activity;sid:84152513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.229.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289412/; classtype:trojan-activity;sid:84152512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.26.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289411/; classtype:trojan-activity;sid:84152511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.195.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289410/; classtype:trojan-activity;sid:84152510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.18.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289409/; classtype:trojan-activity;sid:84152509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.186.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289408/; classtype:trojan-activity;sid:84152508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.63.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289407/; classtype:trojan-activity;sid:84152507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.127.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289406/; classtype:trojan-activity;sid:84152506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.30.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289404/; classtype:trojan-activity;sid:84152504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.153.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289405/; classtype:trojan-activity;sid:84152505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289403/; classtype:trojan-activity;sid:84152503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.0.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289402/; classtype:trojan-activity;sid:84152502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.200.168.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289401/; classtype:trojan-activity;sid:84152501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.239.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289400/; classtype:trojan-activity;sid:84152500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.56.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289398/; classtype:trojan-activity;sid:84152498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.76.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289399/; classtype:trojan-activity;sid:84152499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.8.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289397/; classtype:trojan-activity;sid:84152497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.135.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289396/; classtype:trojan-activity;sid:84152496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.83.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289395/; classtype:trojan-activity;sid:84152495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.0.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289394/; classtype:trojan-activity;sid:84152494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.30.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289393/; classtype:trojan-activity;sid:84152493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.238.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289392/; classtype:trojan-activity;sid:84152492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.211.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289391/; classtype:trojan-activity;sid:84152491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.31.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289390/; classtype:trojan-activity;sid:84152490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.84.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289389/; classtype:trojan-activity;sid:84152489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.134.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289388/; classtype:trojan-activity;sid:84152488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.18.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289387/; classtype:trojan-activity;sid:84152487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.115.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289386/; classtype:trojan-activity;sid:84152486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.202.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289385/; classtype:trojan-activity;sid:84152485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.177.28.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289384/; classtype:trojan-activity;sid:84152484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.97.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289383/; classtype:trojan-activity;sid:84152483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.140.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289382/; classtype:trojan-activity;sid:84152482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.86.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289381/; classtype:trojan-activity;sid:84152481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.59.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289380/; classtype:trojan-activity;sid:84152480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289379/; classtype:trojan-activity;sid:84152479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.137.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289378/; classtype:trojan-activity;sid:84152478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289377/; classtype:trojan-activity;sid:84152477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.206.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289376/; classtype:trojan-activity;sid:84152476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.232.241.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289375/; classtype:trojan-activity;sid:84152475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.68.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289374/; classtype:trojan-activity;sid:84152474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.227.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289373/; classtype:trojan-activity;sid:84152473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.168.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289372/; classtype:trojan-activity;sid:84152472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.83.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289371/; classtype:trojan-activity;sid:84152471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.2.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289370/; classtype:trojan-activity;sid:84152470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.203.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289369/; classtype:trojan-activity;sid:84152469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.203.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289368/; classtype:trojan-activity;sid:84152468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.38.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289367/; classtype:trojan-activity;sid:84152467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.115.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289366/; classtype:trojan-activity;sid:84152466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289365/; classtype:trojan-activity;sid:84152465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.84.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289362/; classtype:trojan-activity;sid:84152462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289363/; classtype:trojan-activity;sid:84152463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.29.131.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289364/; classtype:trojan-activity;sid:84152464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.12.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289361/; classtype:trojan-activity;sid:84152461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.0.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289360/; classtype:trojan-activity;sid:84152460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.27.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289359/; classtype:trojan-activity;sid:84152459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.237.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289358/; classtype:trojan-activity;sid:84152458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.97.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289357/; classtype:trojan-activity;sid:84152457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.218.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289356/; classtype:trojan-activity;sid:84152456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.168.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289355/; classtype:trojan-activity;sid:84152455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.137.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289354/; classtype:trojan-activity;sid:84152454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.95.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289353/; classtype:trojan-activity;sid:84152453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.127.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289352/; classtype:trojan-activity;sid:84152452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.7.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289351/; classtype:trojan-activity;sid:84152451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.44.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289350/; classtype:trojan-activity;sid:84152450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.115.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289349/; classtype:trojan-activity;sid:84152449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.20.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289348/; classtype:trojan-activity;sid:84152448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.24.25.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289347/; classtype:trojan-activity;sid:84152447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.68.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289346/; classtype:trojan-activity;sid:84152446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.115.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289345/; classtype:trojan-activity;sid:84152445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.128.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289344/; classtype:trojan-activity;sid:84152444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.123.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289343/; classtype:trojan-activity;sid:84152443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.254.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289341/; classtype:trojan-activity;sid:84152441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.169.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289342/; classtype:trojan-activity;sid:84152442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.240.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289340/; classtype:trojan-activity;sid:84152440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.20.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289339/; classtype:trojan-activity;sid:84152439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289338/; classtype:trojan-activity;sid:84152438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.144.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289337/; classtype:trojan-activity;sid:84152437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.193.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289335/; classtype:trojan-activity;sid:84152435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.12.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289336/; classtype:trojan-activity;sid:84152436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.44.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289334/; classtype:trojan-activity;sid:84152434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.163.25.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289333/; classtype:trojan-activity;sid:84152433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.55.166"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289332/; classtype:trojan-activity;sid:84152432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289331/; classtype:trojan-activity;sid:84152431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.45.56.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289330/; classtype:trojan-activity;sid:84152430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.186.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289329/; classtype:trojan-activity;sid:84152429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.55.166"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289328/; classtype:trojan-activity;sid:84152428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.241.176.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289327/; classtype:trojan-activity;sid:84152427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.90.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289326/; classtype:trojan-activity;sid:84152426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.243.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289325/; classtype:trojan-activity;sid:84152425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.6.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289324/; classtype:trojan-activity;sid:84152424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.227.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289323/; classtype:trojan-activity;sid:84152423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.113.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289322/; classtype:trojan-activity;sid:84152422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289321/; classtype:trojan-activity;sid:84152421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289320/; classtype:trojan-activity;sid:84152420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.186.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289319/; classtype:trojan-activity;sid:84152419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.189.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289318/; classtype:trojan-activity;sid:84152418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.6.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289317/; classtype:trojan-activity;sid:84152417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.144.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289316/; classtype:trojan-activity;sid:84152416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.89.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289315/; classtype:trojan-activity;sid:84152415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.123.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289314/; classtype:trojan-activity;sid:84152414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.100.197.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289313/; classtype:trojan-activity;sid:84152413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.252.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289312/; classtype:trojan-activity;sid:84152412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.167.175.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289311/; classtype:trojan-activity;sid:84152411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.225.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289310/; classtype:trojan-activity;sid:84152410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.89.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289309/; classtype:trojan-activity;sid:84152409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.52.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289308/; classtype:trojan-activity;sid:84152408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.179.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289307/; classtype:trojan-activity;sid:84152407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.237.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289305/; classtype:trojan-activity;sid:84152405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.224.82.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289306/; classtype:trojan-activity;sid:84152406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.243.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289304/; classtype:trojan-activity;sid:84152404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.65.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289303/; classtype:trojan-activity;sid:84152403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.74.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289302/; classtype:trojan-activity;sid:84152402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.242.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289301/; classtype:trojan-activity;sid:84152401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289300/; classtype:trojan-activity;sid:84152400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.90.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289299/; classtype:trojan-activity;sid:84152399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.125.119.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289297/; classtype:trojan-activity;sid:84152397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.229.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289298/; classtype:trojan-activity;sid:84152398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.121.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289296/; classtype:trojan-activity;sid:84152396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.82.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289295/; classtype:trojan-activity;sid:84152395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.29.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289292/; classtype:trojan-activity;sid:84152392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.219.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289293/; classtype:trojan-activity;sid:84152393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.100.197.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289294/; classtype:trojan-activity;sid:84152394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.64.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289291/; classtype:trojan-activity;sid:84152391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.99.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289289/; classtype:trojan-activity;sid:84152389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.62.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289290/; classtype:trojan-activity;sid:84152390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.7.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289288/; classtype:trojan-activity;sid:84152388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.75.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289287/; classtype:trojan-activity;sid:84152387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.167.175.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289286/; classtype:trojan-activity;sid:84152386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.176.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289285/; classtype:trojan-activity;sid:84152385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.95.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289284/; classtype:trojan-activity;sid:84152384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.150.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289283/; classtype:trojan-activity;sid:84152383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.179.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289282/; classtype:trojan-activity;sid:84152382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.187.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289281/; classtype:trojan-activity;sid:84152381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.119.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289280/; classtype:trojan-activity;sid:84152380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.150.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289279/; classtype:trojan-activity;sid:84152379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.153.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289278/; classtype:trojan-activity;sid:84152378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.229.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289277/; classtype:trojan-activity;sid:84152377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.6.250"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289276/; classtype:trojan-activity;sid:84152376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289275/; classtype:trojan-activity;sid:84152375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.95.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289274/; classtype:trojan-activity;sid:84152374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.188.142.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289273/; classtype:trojan-activity;sid:84152373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.29.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289272/; classtype:trojan-activity;sid:84152372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289271/; classtype:trojan-activity;sid:84152371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.94.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289270/; classtype:trojan-activity;sid:84152370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289269/; classtype:trojan-activity;sid:84152369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.144.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289268/; classtype:trojan-activity;sid:84152368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.75.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289267/; classtype:trojan-activity;sid:84152367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.153.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289266/; classtype:trojan-activity;sid:84152366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.211.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289265/; classtype:trojan-activity;sid:84152365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289264/; classtype:trojan-activity;sid:84152364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.249.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289263/; classtype:trojan-activity;sid:84152363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.222.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289262/; classtype:trojan-activity;sid:84152362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.162.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289261/; classtype:trojan-activity;sid:84152361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.187.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289260/; classtype:trojan-activity;sid:84152360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.54.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289259/; classtype:trojan-activity;sid:84152359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.188.142.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289257/; classtype:trojan-activity;sid:84152357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.86.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289258/; classtype:trojan-activity;sid:84152358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.202.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289256/; classtype:trojan-activity;sid:84152356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.210.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289255/; classtype:trojan-activity;sid:84152355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.214.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289254/; classtype:trojan-activity;sid:84152354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.144.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289252/; classtype:trojan-activity;sid:84152352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.55.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289253/; classtype:trojan-activity;sid:84152353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.180.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289251/; classtype:trojan-activity;sid:84152351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.153.91.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289250/; classtype:trojan-activity;sid:84152350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.92.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289249/; classtype:trojan-activity;sid:84152349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.86.143"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289248/; classtype:trojan-activity;sid:84152348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.21.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289246/; classtype:trojan-activity;sid:84152346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289247/; classtype:trojan-activity;sid:84152347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289245/; classtype:trojan-activity;sid:84152345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.227.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289244/; classtype:trojan-activity;sid:84152344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.235.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289243/; classtype:trojan-activity;sid:84152343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.210.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289240/; classtype:trojan-activity;sid:84152340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.86.143"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289241/; classtype:trojan-activity;sid:84152341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.31.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289242/; classtype:trojan-activity;sid:84152342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.19.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289239/; classtype:trojan-activity;sid:84152339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.92.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289238/; classtype:trojan-activity;sid:84152338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.202.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289237/; classtype:trojan-activity;sid:84152337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.214.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289236/; classtype:trojan-activity;sid:84152336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.215.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289235/; classtype:trojan-activity;sid:84152335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289234)"; flow:established,from_client; content:"GET"; http_method; content:"/img/mk.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.120.125.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289234/; classtype:trojan-activity;sid:84152334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.210.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289232/; classtype:trojan-activity;sid:84152332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.210.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289233/; classtype:trojan-activity;sid:84152333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.66.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289231/; classtype:trojan-activity;sid:84152331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.247.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289230/; classtype:trojan-activity;sid:84152330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.213.69.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289229/; classtype:trojan-activity;sid:84152329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.7.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289228/; classtype:trojan-activity;sid:84152328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.246.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289227/; classtype:trojan-activity;sid:84152327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.251.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289226/; classtype:trojan-activity;sid:84152326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289225/; classtype:trojan-activity;sid:84152325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.23.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289224/; classtype:trojan-activity;sid:84152324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.43.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289223/; classtype:trojan-activity;sid:84152323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.227.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289222/; classtype:trojan-activity;sid:84152322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289221/; classtype:trojan-activity;sid:84152321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.75.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289220/; classtype:trojan-activity;sid:84152320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.31.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289219/; classtype:trojan-activity;sid:84152319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.26.92.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289218/; classtype:trojan-activity;sid:84152318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.12.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289217/; classtype:trojan-activity;sid:84152317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.210.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289216/; classtype:trojan-activity;sid:84152316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.223.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289215/; classtype:trojan-activity;sid:84152315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.250.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289214/; classtype:trojan-activity;sid:84152314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.39.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289213/; classtype:trojan-activity;sid:84152313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.193.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289212/; classtype:trojan-activity;sid:84152312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.12.94.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289211/; classtype:trojan-activity;sid:84152311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.35.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289210/; classtype:trojan-activity;sid:84152310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.210.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289209/; classtype:trojan-activity;sid:84152309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.170.37.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289208/; classtype:trojan-activity;sid:84152308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.76.180.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289207/; classtype:trojan-activity;sid:84152307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.243.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289206/; classtype:trojan-activity;sid:84152306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.37.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289205/; classtype:trojan-activity;sid:84152305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.86.143"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289204/; classtype:trojan-activity;sid:84152304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.11.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289203/; classtype:trojan-activity;sid:84152303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289202/; classtype:trojan-activity;sid:84152302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.148.110.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289201/; classtype:trojan-activity;sid:84152301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.162.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289200/; classtype:trojan-activity;sid:84152300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.35.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289199/; classtype:trojan-activity;sid:84152299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.71.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289198/; classtype:trojan-activity;sid:84152298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.2.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289196/; classtype:trojan-activity;sid:84152296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289197/; classtype:trojan-activity;sid:84152297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.223.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289195/; classtype:trojan-activity;sid:84152295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.12.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289194/; classtype:trojan-activity;sid:84152294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.186.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289193/; classtype:trojan-activity;sid:84152293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.71.201.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289191/; classtype:trojan-activity;sid:84152291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.123.238.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289192/; classtype:trojan-activity;sid:84152292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.198.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289190/; classtype:trojan-activity;sid:84152290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.223.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289189/; classtype:trojan-activity;sid:84152289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.76.180.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289188/; classtype:trojan-activity;sid:84152288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.75.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289187/; classtype:trojan-activity;sid:84152287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.117.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289186/; classtype:trojan-activity;sid:84152286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.37.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289185/; classtype:trojan-activity;sid:84152285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.253.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289184/; classtype:trojan-activity;sid:84152284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.213.71.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289183/; classtype:trojan-activity;sid:84152283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.98.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289182/; classtype:trojan-activity;sid:84152282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.221.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289181/; classtype:trojan-activity;sid:84152281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.57.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289179/; classtype:trojan-activity;sid:84152279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.55.166"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289180/; classtype:trojan-activity;sid:84152280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.186.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289178/; classtype:trojan-activity;sid:84152278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.48.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289177/; classtype:trojan-activity;sid:84152277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.98.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289176/; classtype:trojan-activity;sid:84152276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289175/; classtype:trojan-activity;sid:84152275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.229.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289174/; classtype:trojan-activity;sid:84152274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.20.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289173/; classtype:trojan-activity;sid:84152273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.118.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289172/; classtype:trojan-activity;sid:84152272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.51.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289171/; classtype:trojan-activity;sid:84152271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.94.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289170/; classtype:trojan-activity;sid:84152270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289169/; classtype:trojan-activity;sid:84152269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.1.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289168/; classtype:trojan-activity;sid:84152268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.48.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289167/; classtype:trojan-activity;sid:84152267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.60.238.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289166/; classtype:trojan-activity;sid:84152266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.51.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289165/; classtype:trojan-activity;sid:84152265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.5.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289164/; classtype:trojan-activity;sid:84152264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.85.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289163/; classtype:trojan-activity;sid:84152263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.212.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289162/; classtype:trojan-activity;sid:84152262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.191.81.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289161/; classtype:trojan-activity;sid:84152261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.122.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289160/; classtype:trojan-activity;sid:84152260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.1.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289159/; classtype:trojan-activity;sid:84152259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.23.153.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289158/; classtype:trojan-activity;sid:84152258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.235.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289157/; classtype:trojan-activity;sid:84152257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.14.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289156/; classtype:trojan-activity;sid:84152256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.39.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289155/; classtype:trojan-activity;sid:84152255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.51.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289154/; classtype:trojan-activity;sid:84152254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.31.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289153/; classtype:trojan-activity;sid:84152253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.112.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289152/; classtype:trojan-activity;sid:84152252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.229.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289151/; classtype:trojan-activity;sid:84152251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.122.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289150/; classtype:trojan-activity;sid:84152250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.240.236.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289149/; classtype:trojan-activity;sid:84152249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.5.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289148/; classtype:trojan-activity;sid:84152248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.30.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289147/; classtype:trojan-activity;sid:84152247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.118.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289146/; classtype:trojan-activity;sid:84152246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.240.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289145/; classtype:trojan-activity;sid:84152245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.14.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289144/; classtype:trojan-activity;sid:84152244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.23.153.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289143/; classtype:trojan-activity;sid:84152243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.51.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289142/; classtype:trojan-activity;sid:84152242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.248.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289141/; classtype:trojan-activity;sid:84152241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.30.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289140/; classtype:trojan-activity;sid:84152240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.250.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289139/; classtype:trojan-activity;sid:84152239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.183.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289138/; classtype:trojan-activity;sid:84152238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.248.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289137/; classtype:trojan-activity;sid:84152237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.24.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289135/; classtype:trojan-activity;sid:84152235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.56.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289136/; classtype:trojan-activity;sid:84152236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.64.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289134/; classtype:trojan-activity;sid:84152234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.82.114.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289133/; classtype:trojan-activity;sid:84152233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.190.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289132/; classtype:trojan-activity;sid:84152232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.36.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289131/; classtype:trojan-activity;sid:84152231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.71.3.91"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289130/; classtype:trojan-activity;sid:84152230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.21.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289129/; classtype:trojan-activity;sid:84152229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.31.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289128/; classtype:trojan-activity;sid:84152228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.253.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289127/; classtype:trojan-activity;sid:84152227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.43.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289126/; classtype:trojan-activity;sid:84152226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289125/; classtype:trojan-activity;sid:84152225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.13.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289124/; classtype:trojan-activity;sid:84152224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.131.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289123/; classtype:trojan-activity;sid:84152223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.82.114.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289122/; classtype:trojan-activity;sid:84152222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289120)"; flow:established,from_client; content:"GET"; http_method; content:"/z"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289120/; classtype:trojan-activity;sid:84152220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.247.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289121/; classtype:trojan-activity;sid:84152221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289119)"; flow:established,from_client; content:"GET"; http_method; content:"/as"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289119/; classtype:trojan-activity;sid:84152219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289114)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289114/; classtype:trojan-activity;sid:84152214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289115)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289115/; classtype:trojan-activity;sid:84152215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289116)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289116/; classtype:trojan-activity;sid:84152216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289117)"; flow:established,from_client; content:"GET"; http_method; content:"/ftpget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289117/; classtype:trojan-activity;sid:84152217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289118)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp2.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289118/; classtype:trojan-activity;sid:84152218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.74.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289113/; classtype:trojan-activity;sid:84152213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.65.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289112/; classtype:trojan-activity;sid:84152212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289111)"; flow:established,from_client; content:"GET"; http_method; content:"/ex86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289111/; classtype:trojan-activity;sid:84152211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289108)"; flow:established,from_client; content:"GET"; http_method; content:"/c/ex86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289108/; classtype:trojan-activity;sid:84152208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289109)"; flow:established,from_client; content:"GET"; http_method; content:"/c/earc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289109/; classtype:trojan-activity;sid:84152209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289110)"; flow:established,from_client; content:"GET"; http_method; content:"/earc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289110/; classtype:trojan-activity;sid:84152210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.64.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289107/; classtype:trojan-activity;sid:84152207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289106)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.87.54.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289106/; classtype:trojan-activity;sid:84152206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.212.131.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289104/; classtype:trojan-activity;sid:84152204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289105)"; flow:established,from_client; content:"GET"; http_method; content:"/venonbase.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"141.11.128.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289105/; classtype:trojan-activity;sid:84152205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289103)"; flow:established,from_client; content:"GET"; http_method; content:"/run.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.128.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289103/; classtype:trojan-activity;sid:84152203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.36.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289102/; classtype:trojan-activity;sid:84152202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.45.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289100/; classtype:trojan-activity;sid:84152200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.29.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289101/; classtype:trojan-activity;sid:84152201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.71.3.91"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289099/; classtype:trojan-activity;sid:84152199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.43.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289098/; classtype:trojan-activity;sid:84152198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.116.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289097/; classtype:trojan-activity;sid:84152197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.41.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289096/; classtype:trojan-activity;sid:84152196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.10.130"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289095/; classtype:trojan-activity;sid:84152195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.129.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289094/; classtype:trojan-activity;sid:84152194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.217.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289093/; classtype:trojan-activity;sid:84152193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.65.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289092/; classtype:trojan-activity;sid:84152192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289091)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.36.187.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289091/; classtype:trojan-activity;sid:84152191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.46.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289090/; classtype:trojan-activity;sid:84152190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.92.240.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289089/; classtype:trojan-activity;sid:84152189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.92.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289088/; classtype:trojan-activity;sid:84152188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.45.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289087/; classtype:trojan-activity;sid:84152187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.120.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289086/; classtype:trojan-activity;sid:84152186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.152.18.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289085/; classtype:trojan-activity;sid:84152185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.238.95.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289084/; classtype:trojan-activity;sid:84152184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289077)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289077/; classtype:trojan-activity;sid:84152177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289078)"; flow:established,from_client; content:"GET"; http_method; content:"/wag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289078/; classtype:trojan-activity;sid:84152178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289079)"; flow:established,from_client; content:"GET"; http_method; content:"/test"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289079/; classtype:trojan-activity;sid:84152179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289080)"; flow:established,from_client; content:"GET"; http_method; content:"/wg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289080/; classtype:trojan-activity;sid:84152180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289081)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289081/; classtype:trojan-activity;sid:84152181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289082)"; flow:established,from_client; content:"GET"; http_method; content:"/xmr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289082/; classtype:trojan-activity;sid:84152182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289083)"; flow:established,from_client; content:"GET"; http_method; content:"/lmao"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289083/; classtype:trojan-activity;sid:84152183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289069)"; flow:established,from_client; content:"GET"; http_method; content:"/w"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289069/; classtype:trojan-activity;sid:84152169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289070)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289070/; classtype:trojan-activity;sid:84152170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289071)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289071/; classtype:trojan-activity;sid:84152171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289072)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289072/; classtype:trojan-activity;sid:84152172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289073)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289073/; classtype:trojan-activity;sid:84152173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289074)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289074/; classtype:trojan-activity;sid:84152174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289075)"; flow:established,from_client; content:"GET"; http_method; content:"/f.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289075/; classtype:trojan-activity;sid:84152175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289076)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289076/; classtype:trojan-activity;sid:84152176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.167.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289068/; classtype:trojan-activity;sid:84152168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.147.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289067/; classtype:trojan-activity;sid:84152167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.203.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289066/; classtype:trojan-activity;sid:84152166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.42.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289065/; classtype:trojan-activity;sid:84152165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.164.60.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289064/; classtype:trojan-activity;sid:84152164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.96.51"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289062/; classtype:trojan-activity;sid:84152162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.39.19.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289063/; classtype:trojan-activity;sid:84152163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.43.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289061/; classtype:trojan-activity;sid:84152161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.46.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289060/; classtype:trojan-activity;sid:84152160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.81.247.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289059/; classtype:trojan-activity;sid:84152159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289058)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289058/; classtype:trojan-activity;sid:84152158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.39.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289057/; classtype:trojan-activity;sid:84152157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.39.19.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289056/; classtype:trojan-activity;sid:84152156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289053)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289053/; classtype:trojan-activity;sid:84152153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289054)"; flow:established,from_client; content:"GET"; http_method; content:"/nshppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289054/; classtype:trojan-activity;sid:84152154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289055)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289055/; classtype:trojan-activity;sid:84152155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289043)"; flow:established,from_client; content:"GET"; http_method; content:"/nshsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289043/; classtype:trojan-activity;sid:84152143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289044)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289044/; classtype:trojan-activity;sid:84152144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289045)"; flow:established,from_client; content:"GET"; http_method; content:"/harm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289045/; classtype:trojan-activity;sid:84152145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289046)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289046/; classtype:trojan-activity;sid:84152146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289047)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289047/; classtype:trojan-activity;sid:84152147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289048)"; flow:established,from_client; content:"GET"; http_method; content:"/dmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289048/; classtype:trojan-activity;sid:84152148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289049)"; flow:established,from_client; content:"GET"; http_method; content:"/harm4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289049/; classtype:trojan-activity;sid:84152149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289050)"; flow:established,from_client; content:"GET"; http_method; content:"/harm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289050/; classtype:trojan-activity;sid:84152150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.209.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289051/; classtype:trojan-activity;sid:84152151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289052)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289052/; classtype:trojan-activity;sid:84152152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.92.240.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289041/; classtype:trojan-activity;sid:84152141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.239.220.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289040/; classtype:trojan-activity;sid:84152140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.21.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289039/; classtype:trojan-activity;sid:84152139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.99.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289038/; classtype:trojan-activity;sid:84152138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.183.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289037/; classtype:trojan-activity;sid:84152137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289036)"; flow:established,from_client; content:"GET"; http_method; content:"/img/mok.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.125.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289036/; classtype:trojan-activity;sid:84152136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.203.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289035/; classtype:trojan-activity;sid:84152135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.41.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289034/; classtype:trojan-activity;sid:84152134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.215.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289033/; classtype:trojan-activity;sid:84152133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.32.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289032/; classtype:trojan-activity;sid:84152132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289031/; classtype:trojan-activity;sid:84152131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.96.51"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289030/; classtype:trojan-activity;sid:84152130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289029/; classtype:trojan-activity;sid:84152129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.8.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289028/; classtype:trojan-activity;sid:84152128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.239.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289027/; classtype:trojan-activity;sid:84152127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.21.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289026/; classtype:trojan-activity;sid:84152126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.42.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289025/; classtype:trojan-activity;sid:84152125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.209.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289024/; classtype:trojan-activity;sid:84152124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.175.25.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289023/; classtype:trojan-activity;sid:84152123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.11.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289022/; classtype:trojan-activity;sid:84152122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.201.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289021/; classtype:trojan-activity;sid:84152121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289020/; classtype:trojan-activity;sid:84152120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.140.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289019/; classtype:trojan-activity;sid:84152119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.8.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289018/; classtype:trojan-activity;sid:84152118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.40.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289017/; classtype:trojan-activity;sid:84152117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289016/; classtype:trojan-activity;sid:84152116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.175.25.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289015/; classtype:trojan-activity;sid:84152115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.31.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289014/; classtype:trojan-activity;sid:84152114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.35.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289012/; classtype:trojan-activity;sid:84152112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.22.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289013/; classtype:trojan-activity;sid:84152113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.120.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289011/; classtype:trojan-activity;sid:84152111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.163.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289010/; classtype:trojan-activity;sid:84152110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.50.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289009/; classtype:trojan-activity;sid:84152109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.93.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289008/; classtype:trojan-activity;sid:84152108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.182.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289006/; classtype:trojan-activity;sid:84152106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.108.90.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289007/; classtype:trojan-activity;sid:84152107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.35.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289005/; classtype:trojan-activity;sid:84152105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289003)"; flow:established,from_client; content:"GET"; http_method; content:"/files/crypted2.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289003/; classtype:trojan-activity;sid:84152103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289004)"; flow:established,from_client; content:"GET"; http_method; content:"/clip/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289004/; classtype:trojan-activity;sid:84152104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.90.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289002/; classtype:trojan-activity;sid:84152102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.151.133.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289001/; classtype:trojan-activity;sid:84152101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.150.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289000/; classtype:trojan-activity;sid:84152100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.72.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288999/; classtype:trojan-activity;sid:84152099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288998/; classtype:trojan-activity;sid:84152098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.22.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288997/; classtype:trojan-activity;sid:84152097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.179.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288996/; classtype:trojan-activity;sid:84152096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.227.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288995/; classtype:trojan-activity;sid:84152095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.108.90.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288994/; classtype:trojan-activity;sid:84152094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.184.157.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288993/; classtype:trojan-activity;sid:84152093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.94.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288992/; classtype:trojan-activity;sid:84152092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.137.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288991/; classtype:trojan-activity;sid:84152091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.178.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288990/; classtype:trojan-activity;sid:84152090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.116.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288989/; classtype:trojan-activity;sid:84152089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.34.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288987/; classtype:trojan-activity;sid:84152087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.77.23.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288988/; classtype:trojan-activity;sid:84152088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.67.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288986/; classtype:trojan-activity;sid:84152086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.24.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288985/; classtype:trojan-activity;sid:84152085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.61.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288984/; classtype:trojan-activity;sid:84152084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.163.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288983/; classtype:trojan-activity;sid:84152083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.74.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288982/; classtype:trojan-activity;sid:84152082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.19.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288981/; classtype:trojan-activity;sid:84152081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.93.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288980/; classtype:trojan-activity;sid:84152080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.163.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288979/; classtype:trojan-activity;sid:84152079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.109.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288978/; classtype:trojan-activity;sid:84152078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.184.157.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288977/; classtype:trojan-activity;sid:84152077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.144.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288976/; classtype:trojan-activity;sid:84152076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"206.0.181.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288975/; classtype:trojan-activity;sid:84152075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.234.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288973/; classtype:trojan-activity;sid:84152073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.136.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288974/; classtype:trojan-activity;sid:84152074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.186.52.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288972/; classtype:trojan-activity;sid:84152072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.88.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288971/; classtype:trojan-activity;sid:84152071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.19.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288970/; classtype:trojan-activity;sid:84152070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.54.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288969/; classtype:trojan-activity;sid:84152069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.249.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288968/; classtype:trojan-activity;sid:84152068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.65.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288967/; classtype:trojan-activity;sid:84152067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.71.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288966/; classtype:trojan-activity;sid:84152066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.97.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288965/; classtype:trojan-activity;sid:84152065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.245.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288964/; classtype:trojan-activity;sid:84152064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.229.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288963/; classtype:trojan-activity;sid:84152063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.32.248.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288962/; classtype:trojan-activity;sid:84152062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288960)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288960/; classtype:trojan-activity;sid:84152060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288961)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288961/; classtype:trojan-activity;sid:84152061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.136.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288959/; classtype:trojan-activity;sid:84152059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288958)"; flow:established,from_client; content:"GET"; http_method; content:"/isis.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288958/; classtype:trojan-activity;sid:84152058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288957)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288957/; classtype:trojan-activity;sid:84152057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288955)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288955/; classtype:trojan-activity;sid:84152055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288956)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.isis"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288956/; classtype:trojan-activity;sid:84152056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288953)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.isis"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288953/; classtype:trojan-activity;sid:84152053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288954)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288954/; classtype:trojan-activity;sid:84152054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288948)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.isis"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288948/; classtype:trojan-activity;sid:84152048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288949)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288949/; classtype:trojan-activity;sid:84152049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288950)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.isis"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288950/; classtype:trojan-activity;sid:84152050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288951)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288951/; classtype:trojan-activity;sid:84152051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288952)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288952/; classtype:trojan-activity;sid:84152052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.86.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288947/; classtype:trojan-activity;sid:84152047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.88.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288946/; classtype:trojan-activity;sid:84152046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.142.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288944/; classtype:trojan-activity;sid:84152044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.186.52.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288945/; classtype:trojan-activity;sid:84152045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.245.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288943/; classtype:trojan-activity;sid:84152043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.57.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288942/; classtype:trojan-activity;sid:84152042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.18.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288941/; classtype:trojan-activity;sid:84152041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.32.248.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288940/; classtype:trojan-activity;sid:84152040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.186.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288939/; classtype:trojan-activity;sid:84152039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.20.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288938/; classtype:trojan-activity;sid:84152038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.7.154"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288937/; classtype:trojan-activity;sid:84152037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.15.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288936/; classtype:trojan-activity;sid:84152036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.96.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288935/; classtype:trojan-activity;sid:84152035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.92.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288934/; classtype:trojan-activity;sid:84152034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288933/; classtype:trojan-activity;sid:84152033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.142.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288932/; classtype:trojan-activity;sid:84152032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.86.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288931/; classtype:trojan-activity;sid:84152031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.75.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288930/; classtype:trojan-activity;sid:84152030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.210.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288927/; classtype:trojan-activity;sid:84152027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.213.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288928/; classtype:trojan-activity;sid:84152028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288929/; classtype:trojan-activity;sid:84152029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.163.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288926/; classtype:trojan-activity;sid:84152026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288925/; classtype:trojan-activity;sid:84152025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.228.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288924/; classtype:trojan-activity;sid:84152024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.160.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288923/; classtype:trojan-activity;sid:84152023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.21.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288922/; classtype:trojan-activity;sid:84152022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.158.194.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288918/; classtype:trojan-activity;sid:84152018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.180.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288919/; classtype:trojan-activity;sid:84152019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.151.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288920/; classtype:trojan-activity;sid:84152020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.95.96.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288921/; classtype:trojan-activity;sid:84152021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.118.75.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288915/; classtype:trojan-activity;sid:84152015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.111.22.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288916/; classtype:trojan-activity;sid:84152016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.222.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288917/; classtype:trojan-activity;sid:84152017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.248.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288914/; classtype:trojan-activity;sid:84152014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.132.106.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288912/; classtype:trojan-activity;sid:84152012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.215.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288913/; classtype:trojan-activity;sid:84152013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.113.56.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288911/; classtype:trojan-activity;sid:84152011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.184.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288910/; classtype:trojan-activity;sid:84152010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.238.95.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288908/; classtype:trojan-activity;sid:84152008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.179.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288909/; classtype:trojan-activity;sid:84152009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.175.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288907/; classtype:trojan-activity;sid:84152007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288906/; classtype:trojan-activity;sid:84152006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.95.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288904/; classtype:trojan-activity;sid:84152004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.235.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288905/; classtype:trojan-activity;sid:84152005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.7.154"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288903/; classtype:trojan-activity;sid:84152003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.180.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288902/; classtype:trojan-activity;sid:84152002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.120.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288901/; classtype:trojan-activity;sid:84152001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.235.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288900/; classtype:trojan-activity;sid:84152000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.213.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288899/; classtype:trojan-activity;sid:84151999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.115.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288898/; classtype:trojan-activity;sid:84151998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.15.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288897/; classtype:trojan-activity;sid:84151997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.100.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288896/; classtype:trojan-activity;sid:84151996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.115.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288895/; classtype:trojan-activity;sid:84151995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.163.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288894/; classtype:trojan-activity;sid:84151994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.183.131.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288893/; classtype:trojan-activity;sid:84151993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.9.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288892/; classtype:trojan-activity;sid:84151992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.193.59.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288891/; classtype:trojan-activity;sid:84151991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.92.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288890/; classtype:trojan-activity;sid:84151990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.115.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288888/; classtype:trojan-activity;sid:84151988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.245.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288889/; classtype:trojan-activity;sid:84151989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.77.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288887/; classtype:trojan-activity;sid:84151987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.115.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288886/; classtype:trojan-activity;sid:84151986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.69.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288885/; classtype:trojan-activity;sid:84151985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288884/; classtype:trojan-activity;sid:84151984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.46.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288882/; classtype:trojan-activity;sid:84151982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.121.3.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288883/; classtype:trojan-activity;sid:84151983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.180.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288881/; classtype:trojan-activity;sid:84151981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.95.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288880/; classtype:trojan-activity;sid:84151980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.120.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288879/; classtype:trojan-activity;sid:84151979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.181.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288878/; classtype:trojan-activity;sid:84151978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.4.4.141"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288877/; classtype:trojan-activity;sid:84151977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.170.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288875/; classtype:trojan-activity;sid:84151975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.121.3.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288876/; classtype:trojan-activity;sid:84151976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.112.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288874/; classtype:trojan-activity;sid:84151974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.183.103.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288873/; classtype:trojan-activity;sid:84151973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.46.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288872/; classtype:trojan-activity;sid:84151972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288871)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mkotl.strategies.mvpstrat.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288871/; classtype:trojan-activity;sid:84151971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.111.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288870/; classtype:trojan-activity;sid:84151970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.213.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288868/; classtype:trojan-activity;sid:84151968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288869/; classtype:trojan-activity;sid:84151969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.9.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288867/; classtype:trojan-activity;sid:84151967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.26.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288866/; classtype:trojan-activity;sid:84151966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.74.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288865/; classtype:trojan-activity;sid:84151965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.39.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288864/; classtype:trojan-activity;sid:84151964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.115.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288863/; classtype:trojan-activity;sid:84151963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.169.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288862/; classtype:trojan-activity;sid:84151962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.90.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288861/; classtype:trojan-activity;sid:84151961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.177.166.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288860/; classtype:trojan-activity;sid:84151960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.9.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288859/; classtype:trojan-activity;sid:84151959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.230.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288858/; classtype:trojan-activity;sid:84151958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.220.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288856/; classtype:trojan-activity;sid:84151956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.90.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288857/; classtype:trojan-activity;sid:84151957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.20.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288855/; classtype:trojan-activity;sid:84151955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.175.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288854/; classtype:trojan-activity;sid:84151954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.65.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288853/; classtype:trojan-activity;sid:84151953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.79.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288852/; classtype:trojan-activity;sid:84151952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.244.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288851/; classtype:trojan-activity;sid:84151951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.238.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288850/; classtype:trojan-activity;sid:84151950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.71.201.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288849/; classtype:trojan-activity;sid:84151949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.192.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288848/; classtype:trojan-activity;sid:84151948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.30.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288847/; classtype:trojan-activity;sid:84151947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.121.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288846/; classtype:trojan-activity;sid:84151946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.177.166.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288845/; classtype:trojan-activity;sid:84151945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.232.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288844/; classtype:trojan-activity;sid:84151944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.230.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288843/; classtype:trojan-activity;sid:84151943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.32.123"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288842/; classtype:trojan-activity;sid:84151942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288841/; classtype:trojan-activity;sid:84151941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.199.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288840/; classtype:trojan-activity;sid:84151940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.47.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288839/; classtype:trojan-activity;sid:84151939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.207.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288838/; classtype:trojan-activity;sid:84151938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.238.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288836/; classtype:trojan-activity;sid:84151936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.79.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288837/; classtype:trojan-activity;sid:84151937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.90.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288835/; classtype:trojan-activity;sid:84151935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.248.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288834/; classtype:trojan-activity;sid:84151934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.226.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288833/; classtype:trojan-activity;sid:84151933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.252.114.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288832/; classtype:trojan-activity;sid:84151932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.250.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288831/; classtype:trojan-activity;sid:84151931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.215.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288830/; classtype:trojan-activity;sid:84151930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.20.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288829/; classtype:trojan-activity;sid:84151929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.192.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288828/; classtype:trojan-activity;sid:84151928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.85.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288827/; classtype:trojan-activity;sid:84151927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.182.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288826/; classtype:trojan-activity;sid:84151926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.199.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288825/; classtype:trojan-activity;sid:84151925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.79.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288824/; classtype:trojan-activity;sid:84151924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.12.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288823/; classtype:trojan-activity;sid:84151923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.232.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288822/; classtype:trojan-activity;sid:84151922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288821)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.33.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288821/; classtype:trojan-activity;sid:84151921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.73.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288820/; classtype:trojan-activity;sid:84151920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.192.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288819/; classtype:trojan-activity;sid:84151919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.32.123"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288818/; classtype:trojan-activity;sid:84151918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.238.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288817/; classtype:trojan-activity;sid:84151917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.79.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288816/; classtype:trojan-activity;sid:84151916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.185.140.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288815/; classtype:trojan-activity;sid:84151915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.20.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288814/; classtype:trojan-activity;sid:84151914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.125.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288813/; classtype:trojan-activity;sid:84151913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288812)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.153.47.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288812/; classtype:trojan-activity;sid:84151912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.190.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288811/; classtype:trojan-activity;sid:84151911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.236.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288810/; classtype:trojan-activity;sid:84151910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.223.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288809/; classtype:trojan-activity;sid:84151909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.24.189.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288808/; classtype:trojan-activity;sid:84151908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.215.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288807/; classtype:trojan-activity;sid:84151907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.231.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288806/; classtype:trojan-activity;sid:84151906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.192.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288805/; classtype:trojan-activity;sid:84151905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.80.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288804/; classtype:trojan-activity;sid:84151904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.85.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288803/; classtype:trojan-activity;sid:84151903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.127.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288802/; classtype:trojan-activity;sid:84151902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.149.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288801/; classtype:trojan-activity;sid:84151901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.250.40.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288800/; classtype:trojan-activity;sid:84151900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.70.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288799/; classtype:trojan-activity;sid:84151899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.243.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288798/; classtype:trojan-activity;sid:84151898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.203.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288797/; classtype:trojan-activity;sid:84151897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.238.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288796/; classtype:trojan-activity;sid:84151896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.185.140.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288795/; classtype:trojan-activity;sid:84151895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.100.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288794/; classtype:trojan-activity;sid:84151894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.96.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288793/; classtype:trojan-activity;sid:84151893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.185.200.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288792/; classtype:trojan-activity;sid:84151892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.73.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288791/; classtype:trojan-activity;sid:84151891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.120.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288789/; classtype:trojan-activity;sid:84151889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.80.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288790/; classtype:trojan-activity;sid:84151890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.212.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288788/; classtype:trojan-activity;sid:84151888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.129.18.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288787/; classtype:trojan-activity;sid:84151887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.203.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288786/; classtype:trojan-activity;sid:84151886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288785/; classtype:trojan-activity;sid:84151885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.149.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288784/; classtype:trojan-activity;sid:84151884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.92.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288783/; classtype:trojan-activity;sid:84151883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.20.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288782/; classtype:trojan-activity;sid:84151882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288780/; classtype:trojan-activity;sid:84151880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.22.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288781/; classtype:trojan-activity;sid:84151881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288779)"; flow:established,from_client; content:"GET"; http_method; content:"/66/snc/seemebestthingswhichevermadebybestthingsgodown.hta"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"192.3.220.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288779/; classtype:trojan-activity;sid:84151879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288778)"; flow:established,from_client; content:"GET"; http_method; content:"/tuesdaymadamwebxmpdw-constraints.vbs"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"104.168.7.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288778/; classtype:trojan-activity;sid:84151878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288777)"; flow:established,from_client; content:"GET"; http_method; content:"/66/seemybestgirlthinkingsheisahotchickbutfuvk.tif"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"192.3.220.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288777/; classtype:trojan-activity;sid:84151877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.207.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288776/; classtype:trojan-activity;sid:84151876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.250.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288775/; classtype:trojan-activity;sid:84151875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.100.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288774/; classtype:trojan-activity;sid:84151874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288773/; classtype:trojan-activity;sid:84151873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.210.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288772/; classtype:trojan-activity;sid:84151872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.106.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288771/; classtype:trojan-activity;sid:84151871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.181.12.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288770/; classtype:trojan-activity;sid:84151870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.54.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288769/; classtype:trojan-activity;sid:84151869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.119.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288768/; classtype:trojan-activity;sid:84151868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.95.140"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288767/; classtype:trojan-activity;sid:84151867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.114.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288766/; classtype:trojan-activity;sid:84151866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.169.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288765/; classtype:trojan-activity;sid:84151865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"69.129.18.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288764/; classtype:trojan-activity;sid:84151864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.239.56.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288763/; classtype:trojan-activity;sid:84151863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.182.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288762/; classtype:trojan-activity;sid:84151862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.245.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288761/; classtype:trojan-activity;sid:84151861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.238.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288760/; classtype:trojan-activity;sid:84151860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.210.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288759/; classtype:trojan-activity;sid:84151859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288758/; classtype:trojan-activity;sid:84151858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.232.241.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288757/; classtype:trojan-activity;sid:84151857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.81.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288756/; classtype:trojan-activity;sid:84151856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.47.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288755/; classtype:trojan-activity;sid:84151855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.70.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288754/; classtype:trojan-activity;sid:84151854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.106.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288753/; classtype:trojan-activity;sid:84151853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.227.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288752/; classtype:trojan-activity;sid:84151852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288750)"; flow:established,from_client; content:"GET"; http_method; content:"/txt/blhbzrtqblg6o1k.doc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.84.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288750/; classtype:trojan-activity;sid:84151850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288751)"; flow:established,from_client; content:"GET"; http_method; content:"/txt/blhbzrtqblg6o1k.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.84.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288751/; classtype:trojan-activity;sid:84151851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.250.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288749/; classtype:trojan-activity;sid:84151849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.112.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288748/; classtype:trojan-activity;sid:84151848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288747)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mpsl"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288747/; classtype:trojan-activity;sid:84151847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288744)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288744/; classtype:trojan-activity;sid:84151844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288745)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm7"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288745/; classtype:trojan-activity;sid:84151845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288746)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.m68k"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288746/; classtype:trojan-activity;sid:84151846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288740)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288740/; classtype:trojan-activity;sid:84151840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288741)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm6"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288741/; classtype:trojan-activity;sid:84151841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288742)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.sh4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288742/; classtype:trojan-activity;sid:84151842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288743)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.i686"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288743/; classtype:trojan-activity;sid:84151843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288736)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86_64"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288736/; classtype:trojan-activity;sid:84151836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288737)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm5"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288737/; classtype:trojan-activity;sid:84151837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288738)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mips"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288738/; classtype:trojan-activity;sid:84151838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288739)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.ppc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.137.70.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288739/; classtype:trojan-activity;sid:84151839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.181.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288735/; classtype:trojan-activity;sid:84151835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.192.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288733/; classtype:trojan-activity;sid:84151833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.120.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288734/; classtype:trojan-activity;sid:84151834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.20.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288731/; classtype:trojan-activity;sid:84151831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288732)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/ws/seethebestthingswithgreatthingsbestthingswithgreatentry.hta"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"107.173.4.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288732/; classtype:trojan-activity;sid:84151832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288730)"; flow:established,from_client; content:"GET"; http_method; content:"/331/ubn/mitradesignworkgoodforeveryoneforgiftedmbestthings.hta"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"198.23.212.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288730/; classtype:trojan-activity;sid:84151830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288729)"; flow:established,from_client; content:"GET"; http_method; content:"/55/nb/seemybesttimeforgivenmebestthingswithentiretimeforgivenmegreat.hta"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"198.46.178.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288729/; classtype:trojan-activity;sid:84151829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288728)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/nc/mo/seemybestpartaroundtheworldtogetmethingsfornewone.hta"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"198.46.178.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288728/; classtype:trojan-activity;sid:84151828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288727)"; flow:established,from_client; content:"GET"; http_method; content:"/jbetxjeprs66.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"204.44.127.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288727/; classtype:trojan-activity;sid:84151827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.46.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288726/; classtype:trojan-activity;sid:84151826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.152.20.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288725/; classtype:trojan-activity;sid:84151825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288723)"; flow:established,from_client; content:"GET"; http_method; content:"/tofnvkztslcapjhemddpvquy54.bin"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"212.162.149.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288723/; classtype:trojan-activity;sid:84151823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288724)"; flow:established,from_client; content:"GET"; http_method; content:"/gsnekddnoq28.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"212.162.149.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288724/; classtype:trojan-activity;sid:84151824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.38.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288722/; classtype:trojan-activity;sid:84151822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288720)"; flow:established,from_client; content:"GET"; http_method; content:"/ygmdnaa137.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"173.249.193.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288720/; classtype:trojan-activity;sid:84151820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.234.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288721/; classtype:trojan-activity;sid:84151821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.182.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288719/; classtype:trojan-activity;sid:84151819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288718)"; flow:established,from_client; content:"GET"; http_method; content:"/zxyqebpwjlhygxzay158.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"93.123.109.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288718/; classtype:trojan-activity;sid:84151818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.62.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288717/; classtype:trojan-activity;sid:84151817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.34.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288716/; classtype:trojan-activity;sid:84151816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288715/; classtype:trojan-activity;sid:84151815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.30.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288714/; classtype:trojan-activity;sid:84151814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.238.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288713/; classtype:trojan-activity;sid:84151813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.245.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288712/; classtype:trojan-activity;sid:84151812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.2.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288711/; classtype:trojan-activity;sid:84151811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.137.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288710/; classtype:trojan-activity;sid:84151810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.119.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288709/; classtype:trojan-activity;sid:84151809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288708/; classtype:trojan-activity;sid:84151808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288707/; classtype:trojan-activity;sid:84151807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.218.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288705/; classtype:trojan-activity;sid:84151805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.112.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288706/; classtype:trojan-activity;sid:84151806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288704/; classtype:trojan-activity;sid:84151804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.119.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288702/; classtype:trojan-activity;sid:84151802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.228.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288703/; classtype:trojan-activity;sid:84151803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.192.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288701/; classtype:trojan-activity;sid:84151801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.181.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288700/; classtype:trojan-activity;sid:84151800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288699/; classtype:trojan-activity;sid:84151799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.127.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288698/; classtype:trojan-activity;sid:84151798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.228.136.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288697/; classtype:trojan-activity;sid:84151797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.2.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288695/; classtype:trojan-activity;sid:84151795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.234.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288696/; classtype:trojan-activity;sid:84151796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.137.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288694/; classtype:trojan-activity;sid:84151794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288693)"; flow:established,from_client; content:"GET"; http_method; content:"/555/newofficialprogramcauseofnewupdate.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"188.34.188.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288693/; classtype:trojan-activity;sid:84151793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288692)"; flow:established,from_client; content:"GET"; http_method; content:"/ga/m/6.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"superior-coin.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288692/; classtype:trojan-activity;sid:84151792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288690)"; flow:established,from_client; content:"GET"; http_method; content:"/13cecbdad86667b0.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"193.233.74.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288690/; classtype:trojan-activity;sid:84151790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.77.185.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288691/; classtype:trojan-activity;sid:84151791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288689)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/5cvboz7ll7ozeu5nye41v/demanda-no-2024-125421208.uue|3f|rlkey=q3v5vrfxcuzk79v7a8njjcjuu|7c|26|7c|st=p3cn4auq|7c|26|7c|dl=1"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288689/; classtype:trojan-activity;sid:84151789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.64.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288688/; classtype:trojan-activity;sid:84151788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.21.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288687/; classtype:trojan-activity;sid:84151787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.192.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288686/; classtype:trojan-activity;sid:84151786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.158.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288685/; classtype:trojan-activity;sid:84151785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.58.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288684/; classtype:trojan-activity;sid:84151784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.114.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288683/; classtype:trojan-activity;sid:84151783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.8.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288681/; classtype:trojan-activity;sid:84151781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288682/; classtype:trojan-activity;sid:84151782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.247.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288680/; classtype:trojan-activity;sid:84151780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.158.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288679/; classtype:trojan-activity;sid:84151779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.60.176.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288678/; classtype:trojan-activity;sid:84151778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.175.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288677/; classtype:trojan-activity;sid:84151777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.112.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288675/; classtype:trojan-activity;sid:84151775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.112.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288676/; classtype:trojan-activity;sid:84151776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.226.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288673/; classtype:trojan-activity;sid:84151773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288674/; classtype:trojan-activity;sid:84151774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.24.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288672/; classtype:trojan-activity;sid:84151772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.21.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288671/; classtype:trojan-activity;sid:84151771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.176.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288670/; classtype:trojan-activity;sid:84151770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.87.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288669/; classtype:trojan-activity;sid:84151769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.87.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288668/; classtype:trojan-activity;sid:84151768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288667/; classtype:trojan-activity;sid:84151767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.58.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288666/; classtype:trojan-activity;sid:84151766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.226.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288665/; classtype:trojan-activity;sid:84151765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.241.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288664/; classtype:trojan-activity;sid:84151764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.245.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288663/; classtype:trojan-activity;sid:84151763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.119.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288662/; classtype:trojan-activity;sid:84151762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.139.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288660/; classtype:trojan-activity;sid:84151760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.53.98.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288661/; classtype:trojan-activity;sid:84151761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.24.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288659/; classtype:trojan-activity;sid:84151759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.64.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288658/; classtype:trojan-activity;sid:84151758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.22.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288657/; classtype:trojan-activity;sid:84151757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.114.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288656/; classtype:trojan-activity;sid:84151756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.0.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288654/; classtype:trojan-activity;sid:84151754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.30.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288655/; classtype:trojan-activity;sid:84151755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.169.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288653/; classtype:trojan-activity;sid:84151753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.87.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288652/; classtype:trojan-activity;sid:84151752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.108.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288651/; classtype:trojan-activity;sid:84151751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.133.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288650/; classtype:trojan-activity;sid:84151750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.99.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288649/; classtype:trojan-activity;sid:84151749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.47.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288646/; classtype:trojan-activity;sid:84151746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.42.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288647/; classtype:trojan-activity;sid:84151747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.6.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288648/; classtype:trojan-activity;sid:84151748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.112.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288645/; classtype:trojan-activity;sid:84151745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.191.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288644/; classtype:trojan-activity;sid:84151744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.52.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288643/; classtype:trojan-activity;sid:84151743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.22.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288642/; classtype:trojan-activity;sid:84151742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.226.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288641/; classtype:trojan-activity;sid:84151741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.34.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288640/; classtype:trojan-activity;sid:84151740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.194.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288639/; classtype:trojan-activity;sid:84151739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.91.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288638/; classtype:trojan-activity;sid:84151738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.30.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288637/; classtype:trojan-activity;sid:84151737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.126.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288636/; classtype:trojan-activity;sid:84151736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.254.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288635/; classtype:trojan-activity;sid:84151735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.169.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288634/; classtype:trojan-activity;sid:84151734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.164.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288633/; classtype:trojan-activity;sid:84151733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.158.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288632/; classtype:trojan-activity;sid:84151732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.139.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288631/; classtype:trojan-activity;sid:84151731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.6.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288630/; classtype:trojan-activity;sid:84151730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.176.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288629/; classtype:trojan-activity;sid:84151729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.25.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288627/; classtype:trojan-activity;sid:84151727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.189.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288628/; classtype:trojan-activity;sid:84151728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.47.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288626/; classtype:trojan-activity;sid:84151726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.133.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288625/; classtype:trojan-activity;sid:84151725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.56.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288624/; classtype:trojan-activity;sid:84151724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.218.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288623/; classtype:trojan-activity;sid:84151723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288622)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ixkix.events.socalpocis.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288622/; classtype:trojan-activity;sid:84151722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.110.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288620/; classtype:trojan-activity;sid:84151720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.34.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288621/; classtype:trojan-activity;sid:84151721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.25.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288619/; classtype:trojan-activity;sid:84151719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.132.133.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288618/; classtype:trojan-activity;sid:84151718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.122.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288617/; classtype:trojan-activity;sid:84151717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.7.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288616/; classtype:trojan-activity;sid:84151716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.242.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288615/; classtype:trojan-activity;sid:84151715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.39.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288614/; classtype:trojan-activity;sid:84151714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.185.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288613/; classtype:trojan-activity;sid:84151713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288612/; classtype:trojan-activity;sid:84151712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.25.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288611/; classtype:trojan-activity;sid:84151711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.21.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288610/; classtype:trojan-activity;sid:84151710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.10.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288609/; classtype:trojan-activity;sid:84151709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.223.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288608/; classtype:trojan-activity;sid:84151708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.22.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288607/; classtype:trojan-activity;sid:84151707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288606/; classtype:trojan-activity;sid:84151706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.158.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288605/; classtype:trojan-activity;sid:84151705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.42.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288604/; classtype:trojan-activity;sid:84151704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.132.133.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288603/; classtype:trojan-activity;sid:84151703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.129.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288602/; classtype:trojan-activity;sid:84151702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.100.248.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288601/; classtype:trojan-activity;sid:84151701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.117.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288599/; classtype:trojan-activity;sid:84151699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288600/; classtype:trojan-activity;sid:84151700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.242.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288598/; classtype:trojan-activity;sid:84151698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.122.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288596/; classtype:trojan-activity;sid:84151696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.140.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288597/; classtype:trojan-activity;sid:84151697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.135.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288595/; classtype:trojan-activity;sid:84151695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.32.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288594/; classtype:trojan-activity;sid:84151694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.55.181.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288593/; classtype:trojan-activity;sid:84151693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.11.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288591/; classtype:trojan-activity;sid:84151691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.245.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288592/; classtype:trojan-activity;sid:84151692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.89.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288590/; classtype:trojan-activity;sid:84151690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.204.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288589/; classtype:trojan-activity;sid:84151689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.86.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288588/; classtype:trojan-activity;sid:84151688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.61.181.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288587/; classtype:trojan-activity;sid:84151687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.217.95.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288586/; classtype:trojan-activity;sid:84151686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.7.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288585/; classtype:trojan-activity;sid:84151685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.47.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288584/; classtype:trojan-activity;sid:84151684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.228.170.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288583/; classtype:trojan-activity;sid:84151683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.200.227.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288582/; classtype:trojan-activity;sid:84151682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.245.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288581/; classtype:trojan-activity;sid:84151681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.2.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288580/; classtype:trojan-activity;sid:84151680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.20.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288579/; classtype:trojan-activity;sid:84151679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.101.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288578/; classtype:trojan-activity;sid:84151678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.22.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288577/; classtype:trojan-activity;sid:84151677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.245.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288576/; classtype:trojan-activity;sid:84151676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.158.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288575/; classtype:trojan-activity;sid:84151675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.10.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288574/; classtype:trojan-activity;sid:84151674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.55.181.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288573/; classtype:trojan-activity;sid:84151673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.86.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288572/; classtype:trojan-activity;sid:84151672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.82.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288571/; classtype:trojan-activity;sid:84151671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.250.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288570/; classtype:trojan-activity;sid:84151670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.89.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288569/; classtype:trojan-activity;sid:84151669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.85.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288568/; classtype:trojan-activity;sid:84151668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.65.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288567/; classtype:trojan-activity;sid:84151667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.21.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288566/; classtype:trojan-activity;sid:84151666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.39.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288565/; classtype:trojan-activity;sid:84151665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.249.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288564/; classtype:trojan-activity;sid:84151664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.7.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288563/; classtype:trojan-activity;sid:84151663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.181.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288562/; classtype:trojan-activity;sid:84151662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.231.83.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288561/; classtype:trojan-activity;sid:84151661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.144.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288560/; classtype:trojan-activity;sid:84151660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.40.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288559/; classtype:trojan-activity;sid:84151659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288558/; classtype:trojan-activity;sid:84151658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.11.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288557/; classtype:trojan-activity;sid:84151657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.101.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288556/; classtype:trojan-activity;sid:84151656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.3.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288555/; classtype:trojan-activity;sid:84151655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.19.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288554/; classtype:trojan-activity;sid:84151654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.245.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288553/; classtype:trojan-activity;sid:84151653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.203.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288552/; classtype:trojan-activity;sid:84151652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.5.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288551/; classtype:trojan-activity;sid:84151651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288550/; classtype:trojan-activity;sid:84151650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.72.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288549/; classtype:trojan-activity;sid:84151649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.215.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288548/; classtype:trojan-activity;sid:84151648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.102.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288547/; classtype:trojan-activity;sid:84151647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.27.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288546/; classtype:trojan-activity;sid:84151646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.83.101"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288545/; classtype:trojan-activity;sid:84151645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.82.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288544/; classtype:trojan-activity;sid:84151644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.146.27.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288543/; classtype:trojan-activity;sid:84151643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.43.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288541/; classtype:trojan-activity;sid:84151641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.147.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288542/; classtype:trojan-activity;sid:84151642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.186.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288540/; classtype:trojan-activity;sid:84151640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.204.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288539/; classtype:trojan-activity;sid:84151639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.154.11.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288538/; classtype:trojan-activity;sid:84151638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.83.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288537/; classtype:trojan-activity;sid:84151637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288536/; classtype:trojan-activity;sid:84151636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.4.4.141"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288535/; classtype:trojan-activity;sid:84151635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.5.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288534/; classtype:trojan-activity;sid:84151634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.59.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288533/; classtype:trojan-activity;sid:84151633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.100.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288532/; classtype:trojan-activity;sid:84151632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288531/; classtype:trojan-activity;sid:84151631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.157.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288530/; classtype:trojan-activity;sid:84151630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.234.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288529/; classtype:trojan-activity;sid:84151629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.95.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288528/; classtype:trojan-activity;sid:84151628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288527/; classtype:trojan-activity;sid:84151627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.103.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288525/; classtype:trojan-activity;sid:84151625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.1.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288526/; classtype:trojan-activity;sid:84151626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.191.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288524/; classtype:trojan-activity;sid:84151624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.129.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288523/; classtype:trojan-activity;sid:84151623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.245.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288522/; classtype:trojan-activity;sid:84151622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.77.23.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288521/; classtype:trojan-activity;sid:84151621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.253.19.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288520/; classtype:trojan-activity;sid:84151620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.185.49.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288519/; classtype:trojan-activity;sid:84151619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.59.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288518/; classtype:trojan-activity;sid:84151618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.4.4.141"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288517/; classtype:trojan-activity;sid:84151617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.103.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288516/; classtype:trojan-activity;sid:84151616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.40.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288515/; classtype:trojan-activity;sid:84151615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.232.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288514/; classtype:trojan-activity;sid:84151614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.245.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288513/; classtype:trojan-activity;sid:84151613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.76.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288512/; classtype:trojan-activity;sid:84151612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.25.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288511/; classtype:trojan-activity;sid:84151611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.84.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288510/; classtype:trojan-activity;sid:84151610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.42.74.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288508/; classtype:trojan-activity;sid:84151608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.42.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288509/; classtype:trojan-activity;sid:84151609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.191.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288507/; classtype:trojan-activity;sid:84151607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.236.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288506/; classtype:trojan-activity;sid:84151606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288505/; classtype:trojan-activity;sid:84151605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288504/; classtype:trojan-activity;sid:84151604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288503/; classtype:trojan-activity;sid:84151603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.245.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288502/; classtype:trojan-activity;sid:84151602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.58.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288501/; classtype:trojan-activity;sid:84151601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.10.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288500/; classtype:trojan-activity;sid:84151600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.232.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288499/; classtype:trojan-activity;sid:84151599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.29.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288498/; classtype:trojan-activity;sid:84151598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.94.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288497/; classtype:trojan-activity;sid:84151597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.84.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288496/; classtype:trojan-activity;sid:84151596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.231.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288494/; classtype:trojan-activity;sid:84151594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.19.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288495/; classtype:trojan-activity;sid:84151595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.39.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288493/; classtype:trojan-activity;sid:84151593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.92.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288492/; classtype:trojan-activity;sid:84151592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.248.12.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288491/; classtype:trojan-activity;sid:84151591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.102.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288490/; classtype:trojan-activity;sid:84151590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.76.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288489/; classtype:trojan-activity;sid:84151589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.42.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288488/; classtype:trojan-activity;sid:84151588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288487/; classtype:trojan-activity;sid:84151587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.239.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288486/; classtype:trojan-activity;sid:84151586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.236.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288485/; classtype:trojan-activity;sid:84151585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.241.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288484/; classtype:trojan-activity;sid:84151584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.110.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288483/; classtype:trojan-activity;sid:84151583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.102.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288482/; classtype:trojan-activity;sid:84151582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.23.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288481/; classtype:trojan-activity;sid:84151581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.106.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288480/; classtype:trojan-activity;sid:84151580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288478/; classtype:trojan-activity;sid:84151578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.253.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288479/; classtype:trojan-activity;sid:84151579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.162.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288477/; classtype:trojan-activity;sid:84151577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.133.185.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288476/; classtype:trojan-activity;sid:84151576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.10.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288475/; classtype:trojan-activity;sid:84151575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288474/; classtype:trojan-activity;sid:84151574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.231.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288473/; classtype:trojan-activity;sid:84151573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.105.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288472/; classtype:trojan-activity;sid:84151572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.39.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288471/; classtype:trojan-activity;sid:84151571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.182.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288470/; classtype:trojan-activity;sid:84151570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.92.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288469/; classtype:trojan-activity;sid:84151569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288468/; classtype:trojan-activity;sid:84151568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.1.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288467/; classtype:trojan-activity;sid:84151567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.29.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288466/; classtype:trojan-activity;sid:84151566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.239.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288465/; classtype:trojan-activity;sid:84151565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.142.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288463/; classtype:trojan-activity;sid:84151563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.42.74.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288464/; classtype:trojan-activity;sid:84151564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288462/; classtype:trojan-activity;sid:84151562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.58.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288461/; classtype:trojan-activity;sid:84151561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.148.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288460/; classtype:trojan-activity;sid:84151560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.110.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288459/; classtype:trojan-activity;sid:84151559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.134.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288458/; classtype:trojan-activity;sid:84151558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.98.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288457/; classtype:trojan-activity;sid:84151557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288456/; classtype:trojan-activity;sid:84151556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.178.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288455/; classtype:trojan-activity;sid:84151555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288454/; classtype:trojan-activity;sid:84151554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288453/; classtype:trojan-activity;sid:84151553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.105.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288452/; classtype:trojan-activity;sid:84151552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.34.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288451/; classtype:trojan-activity;sid:84151551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.2.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288450/; classtype:trojan-activity;sid:84151550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.137.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288449/; classtype:trojan-activity;sid:84151549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.142.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288448/; classtype:trojan-activity;sid:84151548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288447/; classtype:trojan-activity;sid:84151547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.133.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288446/; classtype:trojan-activity;sid:84151546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.110.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288445/; classtype:trojan-activity;sid:84151545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.134.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288444/; classtype:trojan-activity;sid:84151544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.123.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288443/; classtype:trojan-activity;sid:84151543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288442)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"varu.events.socalpocis.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288442/; classtype:trojan-activity;sid:84151542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288441)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tzc.events.socalpocis.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288441/; classtype:trojan-activity;sid:84151541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288438)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"buki.events.socalpocis.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288438/; classtype:trojan-activity;sid:84151538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288439)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"zessk.events.socalpocis.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288439/; classtype:trojan-activity;sid:84151539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288440)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"gtj.events.socalpocis.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288440/; classtype:trojan-activity;sid:84151540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288437)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avc.events.socalpocis.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288437/; classtype:trojan-activity;sid:84151537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.12.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288436/; classtype:trojan-activity;sid:84151536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.137.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288435/; classtype:trojan-activity;sid:84151535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.209.67.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288434/; classtype:trojan-activity;sid:84151534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.15.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288433/; classtype:trojan-activity;sid:84151533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.42.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288432/; classtype:trojan-activity;sid:84151532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.34.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288431/; classtype:trojan-activity;sid:84151531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.1.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288430/; classtype:trojan-activity;sid:84151530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.100.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288428/; classtype:trojan-activity;sid:84151528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.91.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288429/; classtype:trojan-activity;sid:84151529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.54.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288427/; classtype:trojan-activity;sid:84151527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.201.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288426/; classtype:trojan-activity;sid:84151526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.236.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288425/; classtype:trojan-activity;sid:84151525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288424/; classtype:trojan-activity;sid:84151524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.183.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288423/; classtype:trojan-activity;sid:84151523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.155.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288422/; classtype:trojan-activity;sid:84151522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.16.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288421/; classtype:trojan-activity;sid:84151521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.95.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288420/; classtype:trojan-activity;sid:84151520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.110.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288419/; classtype:trojan-activity;sid:84151519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.41.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288418/; classtype:trojan-activity;sid:84151518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288416/; classtype:trojan-activity;sid:84151516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288417)"; flow:established,from_client; content:"GET"; http_method; content:"/d/wphs8"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288417/; classtype:trojan-activity;sid:84151517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.127.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288415/; classtype:trojan-activity;sid:84151515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.15.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288414/; classtype:trojan-activity;sid:84151514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.201.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288413/; classtype:trojan-activity;sid:84151513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.91.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288412/; classtype:trojan-activity;sid:84151512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.139.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288411/; classtype:trojan-activity;sid:84151511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288409)"; flow:established,from_client; content:"GET"; http_method; content:"/x861.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.115.237.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288409/; classtype:trojan-activity;sid:84151509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.136.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288410/; classtype:trojan-activity;sid:84151510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.118.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288408/; classtype:trojan-activity;sid:84151508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288407)"; flow:established,from_client; content:"GET"; http_method; content:"/x861.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.115.237.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288407/; classtype:trojan-activity;sid:84151507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288406)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"148.113.192.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288406/; classtype:trojan-activity;sid:84151506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.95.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288405/; classtype:trojan-activity;sid:84151505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.34.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288404/; classtype:trojan-activity;sid:84151504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.21.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288403/; classtype:trojan-activity;sid:84151503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.100.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288402/; classtype:trojan-activity;sid:84151502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.110.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288401/; classtype:trojan-activity;sid:84151501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.101.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288400/; classtype:trojan-activity;sid:84151500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.252.20.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288399/; classtype:trojan-activity;sid:84151499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.68.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288398/; classtype:trojan-activity;sid:84151498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288397)"; flow:established,from_client; content:"GET"; http_method; content:"/work/fix.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"junocis.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288397/; classtype:trojan-activity;sid:84151497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288396)"; flow:established,from_client; content:"GET"; http_method; content:"/work/das.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"culinarycanvasgrilling.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288396/; classtype:trojan-activity;sid:84151496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.222.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288395/; classtype:trojan-activity;sid:84151495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.90.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288394/; classtype:trojan-activity;sid:84151494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.118.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288393/; classtype:trojan-activity;sid:84151493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.127.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288392/; classtype:trojan-activity;sid:84151492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.143.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288391/; classtype:trojan-activity;sid:84151491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.212.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288390/; classtype:trojan-activity;sid:84151490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.54.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288389/; classtype:trojan-activity;sid:84151489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288388)"; flow:established,from_client; content:"GET"; http_method; content:"/work/das.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"fencingfriends.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288388/; classtype:trojan-activity;sid:84151488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.107.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288387/; classtype:trojan-activity;sid:84151487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.128.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288386/; classtype:trojan-activity;sid:84151486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.192.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288385/; classtype:trojan-activity;sid:84151485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288383)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/mfragks.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288383/; classtype:trojan-activity;sid:84151483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288384)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/srsdcio.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288384/; classtype:trojan-activity;sid:84151484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288380)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/kbkmpcr.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288380/; classtype:trojan-activity;sid:84151480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288381)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/bgjjhar.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288381/; classtype:trojan-activity;sid:84151481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288382)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/nargbri.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288382/; classtype:trojan-activity;sid:84151482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288371)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/difkhkm.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288371/; classtype:trojan-activity;sid:84151471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288372)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/dknkrdi.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288372/; classtype:trojan-activity;sid:84151472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288373)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/gdisfab.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288373/; classtype:trojan-activity;sid:84151473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288374)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/enoagkn.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288374/; classtype:trojan-activity;sid:84151474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288375)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/ihdpsek.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288375/; classtype:trojan-activity;sid:84151475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288376)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/ajipmik.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288376/; classtype:trojan-activity;sid:84151476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288377)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/bffgjkn.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288377/; classtype:trojan-activity;sid:84151477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288378)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/hmspgif.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288378/; classtype:trojan-activity;sid:84151478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288379)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/idmekdr.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288379/; classtype:trojan-activity;sid:84151479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288370)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/roaksdh.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288370/; classtype:trojan-activity;sid:84151470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288365)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/dmfgfmf.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288365/; classtype:trojan-activity;sid:84151465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288366)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/dfifsij.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288366/; classtype:trojan-activity;sid:84151466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288367)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/dmpindp.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288367/; classtype:trojan-activity;sid:84151467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288368)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/akjisfd.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288368/; classtype:trojan-activity;sid:84151468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288369)"; flow:established,from_client; content:"GET"; http_method; content:"/fqwfqwght/qwrqwrhnb/downloads/dkkfggc.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288369/; classtype:trojan-activity;sid:84151469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288364)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288364/; classtype:trojan-activity;sid:84151464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288358)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288358/; classtype:trojan-activity;sid:84151458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288359)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288359/; classtype:trojan-activity;sid:84151459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288360)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/garm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288360/; classtype:trojan-activity;sid:84151460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288361)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288361/; classtype:trojan-activity;sid:84151461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288362)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288362/; classtype:trojan-activity;sid:84151462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288363)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gx86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288363/; classtype:trojan-activity;sid:84151463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288357)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/garm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288357/; classtype:trojan-activity;sid:84151457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.28.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288356/; classtype:trojan-activity;sid:84151456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288355)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288355/; classtype:trojan-activity;sid:84151455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288351)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288351/; classtype:trojan-activity;sid:84151451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288352)"; flow:established,from_client; content:"GET"; http_method; content:"/h"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288352/; classtype:trojan-activity;sid:84151452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288353)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/garm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288353/; classtype:trojan-activity;sid:84151453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288354)"; flow:established,from_client; content:"GET"; http_method; content:"/sea.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288354/; classtype:trojan-activity;sid:84151454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288349)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288349/; classtype:trojan-activity;sid:84151449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288350)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288350/; classtype:trojan-activity;sid:84151450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.23.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288344/; classtype:trojan-activity;sid:84151444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288345)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288345/; classtype:trojan-activity;sid:84151445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288346)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/garm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288346/; classtype:trojan-activity;sid:84151446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288347)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288347/; classtype:trojan-activity;sid:84151447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288348)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.213.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288348/; classtype:trojan-activity;sid:84151448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288343)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c0r0n4x.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"151.80.169.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288343/; classtype:trojan-activity;sid:84151443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.120.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288342/; classtype:trojan-activity;sid:84151442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288340)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c0r0n4x.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"151.80.169.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288340/; classtype:trojan-activity;sid:84151440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.54.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288341/; classtype:trojan-activity;sid:84151441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288339)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c0r0n4x.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.80.169.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288339/; classtype:trojan-activity;sid:84151439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288338)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c0r0n4x.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.80.169.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288338/; classtype:trojan-activity;sid:84151438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288328)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.80.169.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288328/; classtype:trojan-activity;sid:84151428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288329)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c0r0n4x.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.80.169.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288329/; classtype:trojan-activity;sid:84151429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288330)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c0r0n4x.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"151.80.169.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288330/; classtype:trojan-activity;sid:84151430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288331)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c0r0n4x.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.80.169.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288331/; classtype:trojan-activity;sid:84151431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288332)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c0r0n4x.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"151.80.169.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288332/; classtype:trojan-activity;sid:84151432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288333)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c0r0n4x.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"151.80.169.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288333/; classtype:trojan-activity;sid:84151433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288334)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.80.169.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288334/; classtype:trojan-activity;sid:84151434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288335)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c0r0n4x.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"151.80.169.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288335/; classtype:trojan-activity;sid:84151435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288336)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c0r0n4x.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.80.169.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288336/; classtype:trojan-activity;sid:84151436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288337)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"151.80.169.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288337/; classtype:trojan-activity;sid:84151437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.217.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288327/; classtype:trojan-activity;sid:84151427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.222.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288326/; classtype:trojan-activity;sid:84151426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.155.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288325/; classtype:trojan-activity;sid:84151425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.143.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288324/; classtype:trojan-activity;sid:84151424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.85.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288323/; classtype:trojan-activity;sid:84151423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.95.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288321/; classtype:trojan-activity;sid:84151421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.85.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288322/; classtype:trojan-activity;sid:84151422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.212.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288320/; classtype:trojan-activity;sid:84151420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.185.201.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288319/; classtype:trojan-activity;sid:84151419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.154.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288318/; classtype:trojan-activity;sid:84151418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.112.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288317/; classtype:trojan-activity;sid:84151417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.86.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288316/; classtype:trojan-activity;sid:84151416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.128.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288315/; classtype:trojan-activity;sid:84151415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.127.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288314/; classtype:trojan-activity;sid:84151414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.99.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288313/; classtype:trojan-activity;sid:84151413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.172.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288312/; classtype:trojan-activity;sid:84151412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.88.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288311/; classtype:trojan-activity;sid:84151411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.23.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288310/; classtype:trojan-activity;sid:84151410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.131.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288309/; classtype:trojan-activity;sid:84151409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288308/; classtype:trojan-activity;sid:84151408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.196.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288307/; classtype:trojan-activity;sid:84151407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.108.116.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288306/; classtype:trojan-activity;sid:84151406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.58.80.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288305/; classtype:trojan-activity;sid:84151405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.74.222.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288304/; classtype:trojan-activity;sid:84151404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.42.55.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288299/; classtype:trojan-activity;sid:84151399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.109.234.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288300/; classtype:trojan-activity;sid:84151400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.186.69.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288301/; classtype:trojan-activity;sid:84151401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.51.122.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288302/; classtype:trojan-activity;sid:84151402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.64.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288303/; classtype:trojan-activity;sid:84151403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.8.38.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288298/; classtype:trojan-activity;sid:84151398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.183.9.88"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288297/; classtype:trojan-activity;sid:84151397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.240.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288296/; classtype:trojan-activity;sid:84151396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.99.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288295/; classtype:trojan-activity;sid:84151395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.131.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288294/; classtype:trojan-activity;sid:84151394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288293/; classtype:trojan-activity;sid:84151393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.88.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288292/; classtype:trojan-activity;sid:84151392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.85.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288291/; classtype:trojan-activity;sid:84151391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.236.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288290/; classtype:trojan-activity;sid:84151390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.155.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288288/; classtype:trojan-activity;sid:84151388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.87.120.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288289/; classtype:trojan-activity;sid:84151389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288287/; classtype:trojan-activity;sid:84151387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.237.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288286/; classtype:trojan-activity;sid:84151386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.178.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288285/; classtype:trojan-activity;sid:84151385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288284/; classtype:trojan-activity;sid:84151384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.37.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288283/; classtype:trojan-activity;sid:84151383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288282/; classtype:trojan-activity;sid:84151382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.35.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288281/; classtype:trojan-activity;sid:84151381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.15.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288280/; classtype:trojan-activity;sid:84151380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.39.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288279/; classtype:trojan-activity;sid:84151379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.37.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288278/; classtype:trojan-activity;sid:84151378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.183.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288277/; classtype:trojan-activity;sid:84151377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.240.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288276/; classtype:trojan-activity;sid:84151376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.233.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288275/; classtype:trojan-activity;sid:84151375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.28.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288274/; classtype:trojan-activity;sid:84151374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.127.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288273/; classtype:trojan-activity;sid:84151373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.155.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288272/; classtype:trojan-activity;sid:84151372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.52.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288271/; classtype:trojan-activity;sid:84151371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.55.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288270/; classtype:trojan-activity;sid:84151370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.146.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288269/; classtype:trojan-activity;sid:84151369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.236.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288268/; classtype:trojan-activity;sid:84151368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.110.13.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288267/; classtype:trojan-activity;sid:84151367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.209.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288266/; classtype:trojan-activity;sid:84151366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.232.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288265/; classtype:trojan-activity;sid:84151365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.154.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288264/; classtype:trojan-activity;sid:84151364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.183.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288263/; classtype:trojan-activity;sid:84151363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.52.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288262/; classtype:trojan-activity;sid:84151362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.114.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288260/; classtype:trojan-activity;sid:84151360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.2.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288261/; classtype:trojan-activity;sid:84151361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.28.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288259/; classtype:trojan-activity;sid:84151359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288258/; classtype:trojan-activity;sid:84151358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288257/; classtype:trojan-activity;sid:84151357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.93.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288255/; classtype:trojan-activity;sid:84151355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.175.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288256/; classtype:trojan-activity;sid:84151356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.105.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288254/; classtype:trojan-activity;sid:84151354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.11.135.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288253/; classtype:trojan-activity;sid:84151353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.55.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288252/; classtype:trojan-activity;sid:84151352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.209.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288251/; classtype:trojan-activity;sid:84151351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.115.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288250/; classtype:trojan-activity;sid:84151350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.114.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288249/; classtype:trojan-activity;sid:84151349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.32.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288248/; classtype:trojan-activity;sid:84151348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.8.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288247/; classtype:trojan-activity;sid:84151347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.210.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288246/; classtype:trojan-activity;sid:84151346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.75.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288245/; classtype:trojan-activity;sid:84151345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288244/; classtype:trojan-activity;sid:84151344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.169.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288243/; classtype:trojan-activity;sid:84151343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.119.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288241/; classtype:trojan-activity;sid:84151341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.121.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288242/; classtype:trojan-activity;sid:84151342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.181.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288240/; classtype:trojan-activity;sid:84151340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.115.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288238/; classtype:trojan-activity;sid:84151338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.114.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288239/; classtype:trojan-activity;sid:84151339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.41.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288237/; classtype:trojan-activity;sid:84151337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.68.57.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288236/; classtype:trojan-activity;sid:84151336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.71.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288235/; classtype:trojan-activity;sid:84151335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.10.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288234/; classtype:trojan-activity;sid:84151334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.167.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288233/; classtype:trojan-activity;sid:84151333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.93.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288232/; classtype:trojan-activity;sid:84151332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.31.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288231/; classtype:trojan-activity;sid:84151331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.68.57.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288230/; classtype:trojan-activity;sid:84151330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.115.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288229/; classtype:trojan-activity;sid:84151329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.177.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288228/; classtype:trojan-activity;sid:84151328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.207.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288227/; classtype:trojan-activity;sid:84151327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.2.47"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288226/; classtype:trojan-activity;sid:84151326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.42.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288225/; classtype:trojan-activity;sid:84151325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.22.123.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288224/; classtype:trojan-activity;sid:84151324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.57.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288223/; classtype:trojan-activity;sid:84151323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.114.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288222/; classtype:trojan-activity;sid:84151322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.32.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288221/; classtype:trojan-activity;sid:84151321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.112.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288220/; classtype:trojan-activity;sid:84151320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.181.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288219/; classtype:trojan-activity;sid:84151319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.115.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288217/; classtype:trojan-activity;sid:84151317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.237.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288218/; classtype:trojan-activity;sid:84151318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.118.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288216/; classtype:trojan-activity;sid:84151316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"198.2.88.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288215/; classtype:trojan-activity;sid:84151315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.193.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288214/; classtype:trojan-activity;sid:84151314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.150.232.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288213/; classtype:trojan-activity;sid:84151313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.89.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288212/; classtype:trojan-activity;sid:84151312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.145.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288211/; classtype:trojan-activity;sid:84151311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.42.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288210/; classtype:trojan-activity;sid:84151310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.71.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288209/; classtype:trojan-activity;sid:84151309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.76.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288207/; classtype:trojan-activity;sid:84151307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.227.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288208/; classtype:trojan-activity;sid:84151308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.112.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288206/; classtype:trojan-activity;sid:84151306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.108.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288205/; classtype:trojan-activity;sid:84151305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.35.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288204/; classtype:trojan-activity;sid:84151304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288203/; classtype:trojan-activity;sid:84151303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.39.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288202/; classtype:trojan-activity;sid:84151302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.236.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288201/; classtype:trojan-activity;sid:84151301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.142.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288200/; classtype:trojan-activity;sid:84151300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.146.26.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288199/; classtype:trojan-activity;sid:84151299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.128.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288198/; classtype:trojan-activity;sid:84151298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.224.82.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288197/; classtype:trojan-activity;sid:84151297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.181.170.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288196/; classtype:trojan-activity;sid:84151296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.45.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288195/; classtype:trojan-activity;sid:84151295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.164.51.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288194/; classtype:trojan-activity;sid:84151294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.155.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288193/; classtype:trojan-activity;sid:84151293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.26.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288192/; classtype:trojan-activity;sid:84151292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.193.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288191/; classtype:trojan-activity;sid:84151291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.227.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288190/; classtype:trojan-activity;sid:84151290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.236.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288188/; classtype:trojan-activity;sid:84151288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.7.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288189/; classtype:trojan-activity;sid:84151289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.2.88.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288186/; classtype:trojan-activity;sid:84151286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.75.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288187/; classtype:trojan-activity;sid:84151287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.58.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288185/; classtype:trojan-activity;sid:84151285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.198.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288184/; classtype:trojan-activity;sid:84151284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.36.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288183/; classtype:trojan-activity;sid:84151283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.76.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288182/; classtype:trojan-activity;sid:84151282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.210.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288181/; classtype:trojan-activity;sid:84151281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.71.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288180/; classtype:trojan-activity;sid:84151280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.100.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288179/; classtype:trojan-activity;sid:84151279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.124.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288178/; classtype:trojan-activity;sid:84151278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.84.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288177/; classtype:trojan-activity;sid:84151277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.211.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288176/; classtype:trojan-activity;sid:84151276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.109.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288175/; classtype:trojan-activity;sid:84151275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.107.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288174/; classtype:trojan-activity;sid:84151274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.218.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288173/; classtype:trojan-activity;sid:84151273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.72.177.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288172/; classtype:trojan-activity;sid:84151272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.181.170.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288171/; classtype:trojan-activity;sid:84151271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.81.40"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288170/; classtype:trojan-activity;sid:84151270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.30.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288169/; classtype:trojan-activity;sid:84151269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.45.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288168/; classtype:trojan-activity;sid:84151268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.236.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288167/; classtype:trojan-activity;sid:84151267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.17.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288166/; classtype:trojan-activity;sid:84151266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.124.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288165/; classtype:trojan-activity;sid:84151265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.210.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288164/; classtype:trojan-activity;sid:84151264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.7.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288163/; classtype:trojan-activity;sid:84151263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.2.48"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288162/; classtype:trojan-activity;sid:84151262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.69.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288161/; classtype:trojan-activity;sid:84151261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.2.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288160/; classtype:trojan-activity;sid:84151260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.128.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288159/; classtype:trojan-activity;sid:84151259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.90.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288158/; classtype:trojan-activity;sid:84151258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.2.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288157/; classtype:trojan-activity;sid:84151257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.176.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288156/; classtype:trojan-activity;sid:84151256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.251.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288154/; classtype:trojan-activity;sid:84151254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.84.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288155/; classtype:trojan-activity;sid:84151255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.248.37.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288153/; classtype:trojan-activity;sid:84151253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.13.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288152/; classtype:trojan-activity;sid:84151252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.30.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288151/; classtype:trojan-activity;sid:84151251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.100.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288150/; classtype:trojan-activity;sid:84151250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.196.169.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288149/; classtype:trojan-activity;sid:84151249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.46.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288148/; classtype:trojan-activity;sid:84151248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.191.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288147/; classtype:trojan-activity;sid:84151247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.17.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288146/; classtype:trojan-activity;sid:84151246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.22.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288145/; classtype:trojan-activity;sid:84151245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.98.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288144/; classtype:trojan-activity;sid:84151244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.204.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288143/; classtype:trojan-activity;sid:84151243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.100.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288142/; classtype:trojan-activity;sid:84151242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.2.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288141/; classtype:trojan-activity;sid:84151241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.176.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288140/; classtype:trojan-activity;sid:84151240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.63.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288139/; classtype:trojan-activity;sid:84151239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.248.37.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288138/; classtype:trojan-activity;sid:84151238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288137)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"sukw.range.cccinvolve.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288137/; classtype:trojan-activity;sid:84151237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288136/; classtype:trojan-activity;sid:84151236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.179.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288134/; classtype:trojan-activity;sid:84151234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.196.169.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288135/; classtype:trojan-activity;sid:84151235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.202.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288133/; classtype:trojan-activity;sid:84151233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.204.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288132/; classtype:trojan-activity;sid:84151232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.214.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288131/; classtype:trojan-activity;sid:84151231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288130)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.250.238.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288130/; classtype:trojan-activity;sid:84151230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288129)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.250.238.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288129/; classtype:trojan-activity;sid:84151229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288123)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.250.238.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288123/; classtype:trojan-activity;sid:84151223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288124)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.250.238.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288124/; classtype:trojan-activity;sid:84151224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288125)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.250.238.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288125/; classtype:trojan-activity;sid:84151225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288126)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.250.238.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288126/; classtype:trojan-activity;sid:84151226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288127)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.250.238.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288127/; classtype:trojan-activity;sid:84151227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288128)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.250.238.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288128/; classtype:trojan-activity;sid:84151228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288119)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.250.238.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288119/; classtype:trojan-activity;sid:84151219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288120)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.250.238.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288120/; classtype:trojan-activity;sid:84151220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288121)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.250.238.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288121/; classtype:trojan-activity;sid:84151221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288118/; classtype:trojan-activity;sid:84151218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.69.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288117/; classtype:trojan-activity;sid:84151217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.117.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288116/; classtype:trojan-activity;sid:84151216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.137.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288115/; classtype:trojan-activity;sid:84151215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.98.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288114/; classtype:trojan-activity;sid:84151214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288112)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288112/; classtype:trojan-activity;sid:84151212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288113)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288113/; classtype:trojan-activity;sid:84151213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288111)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288111/; classtype:trojan-activity;sid:84151211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288101)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288101/; classtype:trojan-activity;sid:84151201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288102)"; flow:established,from_client; content:"GET"; http_method; content:"/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288102/; classtype:trojan-activity;sid:84151202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288103)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288103/; classtype:trojan-activity;sid:84151203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288104)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288104/; classtype:trojan-activity;sid:84151204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288105)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288105/; classtype:trojan-activity;sid:84151205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288106)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288106/; classtype:trojan-activity;sid:84151206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288107)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288107/; classtype:trojan-activity;sid:84151207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288108)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288108/; classtype:trojan-activity;sid:84151208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288109)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288109/; classtype:trojan-activity;sid:84151209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288110)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288110/; classtype:trojan-activity;sid:84151210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288093)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288093/; classtype:trojan-activity;sid:84151193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288094)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288094/; classtype:trojan-activity;sid:84151194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288095)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288095/; classtype:trojan-activity;sid:84151195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288096)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288096/; classtype:trojan-activity;sid:84151196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288097)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288097/; classtype:trojan-activity;sid:84151197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288098)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288098/; classtype:trojan-activity;sid:84151198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288099)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288099/; classtype:trojan-activity;sid:84151199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288100)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288100/; classtype:trojan-activity;sid:84151200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288092)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288092/; classtype:trojan-activity;sid:84151192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288090)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288090/; classtype:trojan-activity;sid:84151190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288091)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288091/; classtype:trojan-activity;sid:84151191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288081)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288081/; classtype:trojan-activity;sid:84151181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288082)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288082/; classtype:trojan-activity;sid:84151182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288083)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288083/; classtype:trojan-activity;sid:84151183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288084)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288084/; classtype:trojan-activity;sid:84151184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288085)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288085/; classtype:trojan-activity;sid:84151185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288086)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.i586"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288086/; classtype:trojan-activity;sid:84151186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288087)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288087/; classtype:trojan-activity;sid:84151187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288088)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288088/; classtype:trojan-activity;sid:84151188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288089)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288089/; classtype:trojan-activity;sid:84151189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288076)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288076/; classtype:trojan-activity;sid:84151176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288077)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288077/; classtype:trojan-activity;sid:84151177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288078)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288078/; classtype:trojan-activity;sid:84151178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288079)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i686"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288079/; classtype:trojan-activity;sid:84151179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288080)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288080/; classtype:trojan-activity;sid:84151180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.170.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288075/; classtype:trojan-activity;sid:84151175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288070)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.sparc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288070/; classtype:trojan-activity;sid:84151170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288071)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288071/; classtype:trojan-activity;sid:84151171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288072)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288072/; classtype:trojan-activity;sid:84151172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288073)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288073/; classtype:trojan-activity;sid:84151173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288074)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288074/; classtype:trojan-activity;sid:84151174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288069)"; flow:established,from_client; content:"GET"; http_method; content:"/z"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288069/; classtype:trojan-activity;sid:84151169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288068)"; flow:established,from_client; content:"GET"; http_method; content:"/splash.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288068/; classtype:trojan-activity;sid:84151168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288063)"; flow:established,from_client; content:"GET"; http_method; content:"/get.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288063/; classtype:trojan-activity;sid:84151163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288064)"; flow:established,from_client; content:"GET"; http_method; content:"/h"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288064/; classtype:trojan-activity;sid:84151164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288065)"; flow:established,from_client; content:"GET"; http_method; content:"/c1"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288065/; classtype:trojan-activity;sid:84151165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288066)"; flow:established,from_client; content:"GET"; http_method; content:"/76d32be0.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288066/; classtype:trojan-activity;sid:84151166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288067)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288067/; classtype:trojan-activity;sid:84151167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288049)"; flow:established,from_client; content:"GET"; http_method; content:"/v"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288049/; classtype:trojan-activity;sid:84151149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288050)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288050/; classtype:trojan-activity;sid:84151150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288051)"; flow:established,from_client; content:"GET"; http_method; content:"/c1.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288051/; classtype:trojan-activity;sid:84151151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288052)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288052/; classtype:trojan-activity;sid:84151152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288053)"; flow:established,from_client; content:"GET"; http_method; content:"/e"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288053/; classtype:trojan-activity;sid:84151153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288054)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288054/; classtype:trojan-activity;sid:84151154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288055)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288055/; classtype:trojan-activity;sid:84151155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288056/; classtype:trojan-activity;sid:84151156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288057)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288057/; classtype:trojan-activity;sid:84151157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288058)"; flow:established,from_client; content:"GET"; http_method; content:"/yak.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288058/; classtype:trojan-activity;sid:84151158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288059)"; flow:established,from_client; content:"GET"; http_method; content:"/necr0.py"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288059/; classtype:trojan-activity;sid:84151159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288060)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288060/; classtype:trojan-activity;sid:84151160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288061)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288061/; classtype:trojan-activity;sid:84151161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288062)"; flow:established,from_client; content:"GET"; http_method; content:"/u"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.57.165.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288062/; classtype:trojan-activity;sid:84151162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.67.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288048/; classtype:trojan-activity;sid:84151148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.255.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288047/; classtype:trojan-activity;sid:84151147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.244.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288046/; classtype:trojan-activity;sid:84151146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.117.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288045/; classtype:trojan-activity;sid:84151145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.92.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288044/; classtype:trojan-activity;sid:84151144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288043)"; flow:established,from_client; content:"GET"; http_method; content:"/paz/pan2.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.145.97.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288043/; classtype:trojan-activity;sid:84151143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288042)"; flow:established,from_client; content:"GET"; http_method; content:"/paz/pan3.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"gatugo.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288042/; classtype:trojan-activity;sid:84151142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288041)"; flow:established,from_client; content:"GET"; http_method; content:"/paz/pan3.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.145.97.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288041/; classtype:trojan-activity;sid:84151141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288039)"; flow:established,from_client; content:"GET"; http_method; content:"/paz/pan3.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.145.97.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288039/; classtype:trojan-activity;sid:84151139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288040)"; flow:established,from_client; content:"GET"; http_method; content:"/paz/pan3.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"gatugo.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288040/; classtype:trojan-activity;sid:84151140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288037)"; flow:established,from_client; content:"GET"; http_method; content:"/paz/pan4.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.145.97.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288037/; classtype:trojan-activity;sid:84151137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288038)"; flow:established,from_client; content:"GET"; http_method; content:"/paz/pan4.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"gatugo.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288038/; classtype:trojan-activity;sid:84151138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288036)"; flow:established,from_client; content:"GET"; http_method; content:"/paz/pan4.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"gatugo.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288036/; classtype:trojan-activity;sid:84151136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288035)"; flow:established,from_client; content:"GET"; http_method; content:"/paz/pan4.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.145.97.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288035/; classtype:trojan-activity;sid:84151135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288031)"; flow:established,from_client; content:"GET"; http_method; content:"/paz/pan1.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"gatugo.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288031/; classtype:trojan-activity;sid:84151131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288032)"; flow:established,from_client; content:"GET"; http_method; content:"/paz/pan2.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"gatugo.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288032/; classtype:trojan-activity;sid:84151132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288033)"; flow:established,from_client; content:"GET"; http_method; content:"/paz/pan2.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.145.97.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288033/; classtype:trojan-activity;sid:84151133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288034)"; flow:established,from_client; content:"GET"; http_method; content:"/paz/pan1.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.145.97.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288034/; classtype:trojan-activity;sid:84151134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288028)"; flow:established,from_client; content:"GET"; http_method; content:"/paz/pan1.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.145.97.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288028/; classtype:trojan-activity;sid:84151128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288029)"; flow:established,from_client; content:"GET"; http_method; content:"/paz/pan1.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"gatugo.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288029/; classtype:trojan-activity;sid:84151129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288030)"; flow:established,from_client; content:"GET"; http_method; content:"/paz/pan2.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"gatugo.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288030/; classtype:trojan-activity;sid:84151130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.137.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288027/; classtype:trojan-activity;sid:84151127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.56.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288026/; classtype:trojan-activity;sid:84151126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.14.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288025/; classtype:trojan-activity;sid:84151125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.11.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288024/; classtype:trojan-activity;sid:84151124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.209.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288023/; classtype:trojan-activity;sid:84151123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.157.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288022/; classtype:trojan-activity;sid:84151122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.40.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288021/; classtype:trojan-activity;sid:84151121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.67.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288020/; classtype:trojan-activity;sid:84151120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.117.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288019/; classtype:trojan-activity;sid:84151119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.142.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288018/; classtype:trojan-activity;sid:84151118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.244.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288017/; classtype:trojan-activity;sid:84151117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.139.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288016/; classtype:trojan-activity;sid:84151116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288014)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288014/; classtype:trojan-activity;sid:84151114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.69.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288015/; classtype:trojan-activity;sid:84151115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.102.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288003/; classtype:trojan-activity;sid:84151103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288004)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288004/; classtype:trojan-activity;sid:84151104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288005)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288005/; classtype:trojan-activity;sid:84151105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288006)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288006/; classtype:trojan-activity;sid:84151106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288007)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288007/; classtype:trojan-activity;sid:84151107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288008)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288008/; classtype:trojan-activity;sid:84151108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288009)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288009/; classtype:trojan-activity;sid:84151109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288010)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288010/; classtype:trojan-activity;sid:84151110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288011)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288011/; classtype:trojan-activity;sid:84151111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288012)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288012/; classtype:trojan-activity;sid:84151112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288013)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288013/; classtype:trojan-activity;sid:84151113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.157.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288002/; classtype:trojan-activity;sid:84151102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.48.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288001/; classtype:trojan-activity;sid:84151101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.237.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288000/; classtype:trojan-activity;sid:84151100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.107.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287999/; classtype:trojan-activity;sid:84151099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.182.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287998/; classtype:trojan-activity;sid:84151098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.26.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287997/; classtype:trojan-activity;sid:84151097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.32.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287996/; classtype:trojan-activity;sid:84151096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.40.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287995/; classtype:trojan-activity;sid:84151095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.98.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287994/; classtype:trojan-activity;sid:84151094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.56.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287993/; classtype:trojan-activity;sid:84151093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.88.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287992/; classtype:trojan-activity;sid:84151092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.168.162.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287991/; classtype:trojan-activity;sid:84151091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.159.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287990/; classtype:trojan-activity;sid:84151090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.235.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287989/; classtype:trojan-activity;sid:84151089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.65.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287988/; classtype:trojan-activity;sid:84151088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.67.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287987/; classtype:trojan-activity;sid:84151087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287986/; classtype:trojan-activity;sid:84151086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.243.133.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287985/; classtype:trojan-activity;sid:84151085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.107.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287984/; classtype:trojan-activity;sid:84151084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.48.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287983/; classtype:trojan-activity;sid:84151083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.246.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287982/; classtype:trojan-activity;sid:84151082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.168.162.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287981/; classtype:trojan-activity;sid:84151081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.65.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287980/; classtype:trojan-activity;sid:84151080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.5.42"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287979/; classtype:trojan-activity;sid:84151079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.163.25.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287978/; classtype:trojan-activity;sid:84151078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.159.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287977/; classtype:trojan-activity;sid:84151077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.238.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287976/; classtype:trojan-activity;sid:84151076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.249.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287975/; classtype:trojan-activity;sid:84151075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.110.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287974/; classtype:trojan-activity;sid:84151074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.144.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287973/; classtype:trojan-activity;sid:84151073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.88.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287972/; classtype:trojan-activity;sid:84151072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.235.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287971/; classtype:trojan-activity;sid:84151071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.67.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287970/; classtype:trojan-activity;sid:84151070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287969)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1blf0zzvh-eywcjtnvheiotml9tgypmcr"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287969/; classtype:trojan-activity;sid:84151069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287968)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ooimdag94mrdppxidgzaresdeev0fzwi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287968/; classtype:trojan-activity;sid:84151068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.66.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287967/; classtype:trojan-activity;sid:84151067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287966/; classtype:trojan-activity;sid:84151066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.52.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287965/; classtype:trojan-activity;sid:84151065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287964/; classtype:trojan-activity;sid:84151064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287963/; classtype:trojan-activity;sid:84151063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.200.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287962/; classtype:trojan-activity;sid:84151062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.246.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287961/; classtype:trojan-activity;sid:84151061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287959/; classtype:trojan-activity;sid:84151059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.34.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287960/; classtype:trojan-activity;sid:84151060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.129.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287958/; classtype:trojan-activity;sid:84151058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.65.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287957/; classtype:trojan-activity;sid:84151057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287956)"; flow:established,from_client; content:"GET"; http_method; content:"/kaxnvvwaqv3.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kinltd.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287956/; classtype:trojan-activity;sid:84151056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287955)"; flow:established,from_client; content:"GET"; http_method; content:"/zihpzkmmlckfsra217.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"212.162.149.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287955/; classtype:trojan-activity;sid:84151055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287953)"; flow:established,from_client; content:"GET"; http_method; content:"/xdreuo191.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"109.248.151.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287953/; classtype:trojan-activity;sid:84151053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.249.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287954/; classtype:trojan-activity;sid:84151054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.4.56"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287952/; classtype:trojan-activity;sid:84151052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.200.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287951/; classtype:trojan-activity;sid:84151051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287950)"; flow:established,from_client; content:"GET"; http_method; content:"/rearyzgrn117.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"23.226.128.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287950/; classtype:trojan-activity;sid:84151050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.243.133.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287949/; classtype:trojan-activity;sid:84151049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.215.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287948/; classtype:trojan-activity;sid:84151048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287947)"; flow:established,from_client; content:"GET"; http_method; content:"/allin"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"116.198.204.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287947/; classtype:trojan-activity;sid:84151047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287941)"; flow:established,from_client; content:"GET"; http_method; content:"/app"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"116.198.204.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287941/; classtype:trojan-activity;sid:84151041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287942)"; flow:established,from_client; content:"GET"; http_method; content:"/download.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"116.198.204.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287942/; classtype:trojan-activity;sid:84151042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287943)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.198.204.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287943/; classtype:trojan-activity;sid:84151043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287944)"; flow:established,from_client; content:"GET"; http_method; content:"/app.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"116.198.204.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287944/; classtype:trojan-activity;sid:84151044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287945)"; flow:established,from_client; content:"GET"; http_method; content:"/downloader.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.198.204.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287945/; classtype:trojan-activity;sid:84151045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287946)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_x64_agent_no_crypt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.198.204.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287946/; classtype:trojan-activity;sid:84151046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.192.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287940/; classtype:trojan-activity;sid:84151040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.232.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287939/; classtype:trojan-activity;sid:84151039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.35.78.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287938/; classtype:trojan-activity;sid:84151038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.51.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287937/; classtype:trojan-activity;sid:84151037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.2.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287936/; classtype:trojan-activity;sid:84151036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.34.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287935/; classtype:trojan-activity;sid:84151035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.235.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287934/; classtype:trojan-activity;sid:84151034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.246.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287933/; classtype:trojan-activity;sid:84151033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.131.68.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287932/; classtype:trojan-activity;sid:84151032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.20.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287931/; classtype:trojan-activity;sid:84151031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287930/; classtype:trojan-activity;sid:84151030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.219.128.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287929/; classtype:trojan-activity;sid:84151029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.215.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287928/; classtype:trojan-activity;sid:84151028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.82.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287927/; classtype:trojan-activity;sid:84151027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.158.100.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287926/; classtype:trojan-activity;sid:84151026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.146.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287925/; classtype:trojan-activity;sid:84151025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.2.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287924/; classtype:trojan-activity;sid:84151024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287923/; classtype:trojan-activity;sid:84151023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.15.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287922/; classtype:trojan-activity;sid:84151022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.81.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287921/; classtype:trojan-activity;sid:84151021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.117.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287920/; classtype:trojan-activity;sid:84151020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287919/; classtype:trojan-activity;sid:84151019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.216.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287918/; classtype:trojan-activity;sid:84151018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.229.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287917/; classtype:trojan-activity;sid:84151017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.158.100.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287915/; classtype:trojan-activity;sid:84151015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.232.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287916/; classtype:trojan-activity;sid:84151016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287914)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dfg.events.socalpocis.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287914/; classtype:trojan-activity;sid:84151014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.124.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287913/; classtype:trojan-activity;sid:84151013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.215.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287912/; classtype:trojan-activity;sid:84151012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.81.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287911/; classtype:trojan-activity;sid:84151011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.15.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287910/; classtype:trojan-activity;sid:84151010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.89.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287909/; classtype:trojan-activity;sid:84151009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.99.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287908/; classtype:trojan-activity;sid:84151008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.69.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287907/; classtype:trojan-activity;sid:84151007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.253.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287906/; classtype:trojan-activity;sid:84151006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.124.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287905/; classtype:trojan-activity;sid:84151005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.236.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287904/; classtype:trojan-activity;sid:84151004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.206.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287902/; classtype:trojan-activity;sid:84151002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.45.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287903/; classtype:trojan-activity;sid:84151003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.34.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287901/; classtype:trojan-activity;sid:84151001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.133.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287900/; classtype:trojan-activity;sid:84151000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.160.112.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287899/; classtype:trojan-activity;sid:84150999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.190.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287898/; classtype:trojan-activity;sid:84150998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.154.80.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287897/; classtype:trojan-activity;sid:84150997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.246.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287896/; classtype:trojan-activity;sid:84150996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287895)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.49.65.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287895/; classtype:trojan-activity;sid:84150995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.160.112.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287894/; classtype:trojan-activity;sid:84150994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.122.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287893/; classtype:trojan-activity;sid:84150993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.180.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287892/; classtype:trojan-activity;sid:84150992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.10.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287891/; classtype:trojan-activity;sid:84150991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.108.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287889/; classtype:trojan-activity;sid:84150989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.60.106.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287890/; classtype:trojan-activity;sid:84150990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.34.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287888/; classtype:trojan-activity;sid:84150988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.173.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287887/; classtype:trojan-activity;sid:84150987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.17.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287886/; classtype:trojan-activity;sid:84150986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.83.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287885/; classtype:trojan-activity;sid:84150985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287884/; classtype:trojan-activity;sid:84150984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.206.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287883/; classtype:trojan-activity;sid:84150983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.182.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287882/; classtype:trojan-activity;sid:84150982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.83.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287881/; classtype:trojan-activity;sid:84150981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.177.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287880/; classtype:trojan-activity;sid:84150980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.90.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287879/; classtype:trojan-activity;sid:84150979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.5.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287878/; classtype:trojan-activity;sid:84150978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.54.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287877/; classtype:trojan-activity;sid:84150977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.9.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287876/; classtype:trojan-activity;sid:84150976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.182.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287875/; classtype:trojan-activity;sid:84150975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.240.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287874/; classtype:trojan-activity;sid:84150974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.43.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287873/; classtype:trojan-activity;sid:84150973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.198.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287872/; classtype:trojan-activity;sid:84150972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.82.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287871/; classtype:trojan-activity;sid:84150971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.56.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287870/; classtype:trojan-activity;sid:84150970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.124.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287869/; classtype:trojan-activity;sid:84150969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.195.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287868/; classtype:trojan-activity;sid:84150968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.82.156.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287867/; classtype:trojan-activity;sid:84150967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.240.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287866/; classtype:trojan-activity;sid:84150966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.52.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287865/; classtype:trojan-activity;sid:84150965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287863/; classtype:trojan-activity;sid:84150963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.225.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287864/; classtype:trojan-activity;sid:84150964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.240.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287862/; classtype:trojan-activity;sid:84150962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.120.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287861/; classtype:trojan-activity;sid:84150961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.102.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287860/; classtype:trojan-activity;sid:84150960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.5.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287859/; classtype:trojan-activity;sid:84150959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.195.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287858/; classtype:trojan-activity;sid:84150958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.125.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287857/; classtype:trojan-activity;sid:84150957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.25.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287856/; classtype:trojan-activity;sid:84150956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.225.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287855/; classtype:trojan-activity;sid:84150955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.115.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287854/; classtype:trojan-activity;sid:84150954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.183.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287853/; classtype:trojan-activity;sid:84150953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.166.11.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287852/; classtype:trojan-activity;sid:84150952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.11.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287851/; classtype:trojan-activity;sid:84150951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.201.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287850/; classtype:trojan-activity;sid:84150950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.120.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287849/; classtype:trojan-activity;sid:84150949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.102.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287848/; classtype:trojan-activity;sid:84150948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.37.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287847/; classtype:trojan-activity;sid:84150947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.54.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287846/; classtype:trojan-activity;sid:84150946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.11.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287845/; classtype:trojan-activity;sid:84150945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287842/; classtype:trojan-activity;sid:84150942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287843/; classtype:trojan-activity;sid:84150943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287844/; classtype:trojan-activity;sid:84150944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.89.126.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287840/; classtype:trojan-activity;sid:84150940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.33.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287841/; classtype:trojan-activity;sid:84150941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.33.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287839/; classtype:trojan-activity;sid:84150939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.169.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287838/; classtype:trojan-activity;sid:84150938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.116.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287837/; classtype:trojan-activity;sid:84150937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.114.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287836/; classtype:trojan-activity;sid:84150936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.122.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287835/; classtype:trojan-activity;sid:84150935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.115.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287834/; classtype:trojan-activity;sid:84150934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.91.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287833/; classtype:trojan-activity;sid:84150933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.249.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287832/; classtype:trojan-activity;sid:84150932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287831)"; flow:established,from_client; content:"GET"; http_method; content:"/bad.elf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.32.200.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287831/; classtype:trojan-activity;sid:84150931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.107.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287830/; classtype:trojan-activity;sid:84150930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.143.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287829/; classtype:trojan-activity;sid:84150929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.18.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287828/; classtype:trojan-activity;sid:84150928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.246.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287827/; classtype:trojan-activity;sid:84150927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.172.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287826/; classtype:trojan-activity;sid:84150926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.152.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287825/; classtype:trojan-activity;sid:84150925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.152.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287824/; classtype:trojan-activity;sid:84150924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.165.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287823/; classtype:trojan-activity;sid:84150923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.178.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287822/; classtype:trojan-activity;sid:84150922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.43.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287821/; classtype:trojan-activity;sid:84150921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.2.48"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287820/; classtype:trojan-activity;sid:84150920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.216.166.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287819/; classtype:trojan-activity;sid:84150919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.2.58"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287817/; classtype:trojan-activity;sid:84150917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.88.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287818/; classtype:trojan-activity;sid:84150918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.145.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287816/; classtype:trojan-activity;sid:84150916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.169.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287815/; classtype:trojan-activity;sid:84150915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.25.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287814/; classtype:trojan-activity;sid:84150914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.105.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287813/; classtype:trojan-activity;sid:84150913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287812/; classtype:trojan-activity;sid:84150912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.243.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287811/; classtype:trojan-activity;sid:84150911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.126.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287810/; classtype:trojan-activity;sid:84150910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.32.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287809/; classtype:trojan-activity;sid:84150909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.169.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287807/; classtype:trojan-activity;sid:84150907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.251.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287808/; classtype:trojan-activity;sid:84150908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.56.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287806/; classtype:trojan-activity;sid:84150906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.165.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287805/; classtype:trojan-activity;sid:84150905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.124.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287804/; classtype:trojan-activity;sid:84150904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287803)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.216.20.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287803/; classtype:trojan-activity;sid:84150903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.126.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287802/; classtype:trojan-activity;sid:84150902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.68.142.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287800/; classtype:trojan-activity;sid:84150900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.10.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287801/; classtype:trojan-activity;sid:84150901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.121.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287799/; classtype:trojan-activity;sid:84150899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.125.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287798/; classtype:trojan-activity;sid:84150898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.124.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287797/; classtype:trojan-activity;sid:84150897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.155.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287796/; classtype:trojan-activity;sid:84150896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.84.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287795/; classtype:trojan-activity;sid:84150895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.105.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287794/; classtype:trojan-activity;sid:84150894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.56.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287793/; classtype:trojan-activity;sid:84150893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.18.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287792/; classtype:trojan-activity;sid:84150892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.136.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287791/; classtype:trojan-activity;sid:84150891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.15.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287790/; classtype:trojan-activity;sid:84150890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.210.96.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287789/; classtype:trojan-activity;sid:84150889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.148.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287788/; classtype:trojan-activity;sid:84150888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.52.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287787/; classtype:trojan-activity;sid:84150887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.93.16.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287786/; classtype:trojan-activity;sid:84150886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.155.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287785/; classtype:trojan-activity;sid:84150885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.84.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287784/; classtype:trojan-activity;sid:84150884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.116.122.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287783/; classtype:trojan-activity;sid:84150883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.11.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287782/; classtype:trojan-activity;sid:84150882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.173.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287781/; classtype:trojan-activity;sid:84150881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.210.96.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287780/; classtype:trojan-activity;sid:84150880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.148.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287779/; classtype:trojan-activity;sid:84150879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.152.20.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287778/; classtype:trojan-activity;sid:84150878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.77.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287777/; classtype:trojan-activity;sid:84150877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.116.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287776/; classtype:trojan-activity;sid:84150876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.183.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287774/; classtype:trojan-activity;sid:84150874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.126.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287775/; classtype:trojan-activity;sid:84150875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.52.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287773/; classtype:trojan-activity;sid:84150873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.81.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287772/; classtype:trojan-activity;sid:84150872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287757)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.minebeo.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287757/; classtype:trojan-activity;sid:84150857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287758)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"botnet.minebeo.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287758/; classtype:trojan-activity;sid:84150858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287759)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.minebeo.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287759/; classtype:trojan-activity;sid:84150859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287760)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.minebeo.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287760/; classtype:trojan-activity;sid:84150860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287750)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.minebeo.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287750/; classtype:trojan-activity;sid:84150850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287751)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.minebeo.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287751/; classtype:trojan-activity;sid:84150851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287752)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.minebeo.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287752/; classtype:trojan-activity;sid:84150852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287753)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.minebeo.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287753/; classtype:trojan-activity;sid:84150853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287754)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.minebeo.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287754/; classtype:trojan-activity;sid:84150854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287755)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.minebeo.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287755/; classtype:trojan-activity;sid:84150855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287756)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.minebeo.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287756/; classtype:trojan-activity;sid:84150856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.193.59.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287749/; classtype:trojan-activity;sid:84150849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.93.16.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287748/; classtype:trojan-activity;sid:84150848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.16.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287747/; classtype:trojan-activity;sid:84150847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.44.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287746/; classtype:trojan-activity;sid:84150846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.205.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287745/; classtype:trojan-activity;sid:84150845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.128.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287744/; classtype:trojan-activity;sid:84150844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.152.20.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287743/; classtype:trojan-activity;sid:84150843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.85.55.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287742/; classtype:trojan-activity;sid:84150842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.103.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287741/; classtype:trojan-activity;sid:84150841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287740/; classtype:trojan-activity;sid:84150840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.54.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287736/; classtype:trojan-activity;sid:84150836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.83.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287737/; classtype:trojan-activity;sid:84150837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.16.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287738/; classtype:trojan-activity;sid:84150838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.173.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287739/; classtype:trojan-activity;sid:84150839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.116.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287734/; classtype:trojan-activity;sid:84150834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.43.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287735/; classtype:trojan-activity;sid:84150835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.22.123.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287733/; classtype:trojan-activity;sid:84150833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.94.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287732/; classtype:trojan-activity;sid:84150832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287731/; classtype:trojan-activity;sid:84150831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.66.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287730/; classtype:trojan-activity;sid:84150830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287729)"; flow:established,from_client; content:"GET"; http_method; content:"/7blhqsgofx/payload.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"transfer.whalebone.io"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287729/; classtype:trojan-activity;sid:84150829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287728)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.60.59.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287728/; classtype:trojan-activity;sid:84150828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287727)"; flow:established,from_client; content:"GET"; http_method; content:"/ransom.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"152.42.221.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287727/; classtype:trojan-activity;sid:84150827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.1.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287726/; classtype:trojan-activity;sid:84150826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.166.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287725/; classtype:trojan-activity;sid:84150825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.77.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287724/; classtype:trojan-activity;sid:84150824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287723/; classtype:trojan-activity;sid:84150823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.164.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287722/; classtype:trojan-activity;sid:84150822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287721)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.127.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287721/; classtype:trojan-activity;sid:84150821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287719)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.148.5.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287719/; classtype:trojan-activity;sid:84150819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287720)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.177.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287720/; classtype:trojan-activity;sid:84150820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287718)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.138.28.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287718/; classtype:trojan-activity;sid:84150818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287717)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.234.81.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287717/; classtype:trojan-activity;sid:84150817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287716/; classtype:trojan-activity;sid:84150816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.232.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287715/; classtype:trojan-activity;sid:84150815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287714)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.102.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287714/; classtype:trojan-activity;sid:84150814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287713)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.18.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287713/; classtype:trojan-activity;sid:84150813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287712)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"159.75.74.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287712/; classtype:trojan-activity;sid:84150812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287710)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.39.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287710/; classtype:trojan-activity;sid:84150810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287711)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.116.246.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287711/; classtype:trojan-activity;sid:84150811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287700)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"142.93.209.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287700/; classtype:trojan-activity;sid:84150800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287701)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.48.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287701/; classtype:trojan-activity;sid:84150801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287702)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.238.227.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287702/; classtype:trojan-activity;sid:84150802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287703)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.218.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287703/; classtype:trojan-activity;sid:84150803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287704)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.46.183.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287704/; classtype:trojan-activity;sid:84150804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287705)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.155.147.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287705/; classtype:trojan-activity;sid:84150805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287706)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.218.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287706/; classtype:trojan-activity;sid:84150806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287707)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.94.179.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287707/; classtype:trojan-activity;sid:84150807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287708)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"36.138.229.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287708/; classtype:trojan-activity;sid:84150808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287709)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.48.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287709/; classtype:trojan-activity;sid:84150809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287689)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.96.12.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287689/; classtype:trojan-activity;sid:84150789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287690)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.121.211.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287690/; classtype:trojan-activity;sid:84150790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287691)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"142.93.209.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287691/; classtype:trojan-activity;sid:84150791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287692)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.57.209.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287692/; classtype:trojan-activity;sid:84150792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287693)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.141.83.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287693/; classtype:trojan-activity;sid:84150793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287694)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.119.18.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287694/; classtype:trojan-activity;sid:84150794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287695)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.43.110.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287695/; classtype:trojan-activity;sid:84150795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287696)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.196.53.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287696/; classtype:trojan-activity;sid:84150796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287697)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.251.16.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287697/; classtype:trojan-activity;sid:84150797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287698)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.76.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287698/; classtype:trojan-activity;sid:84150798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287699)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.137.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287699/; classtype:trojan-activity;sid:84150799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287687)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.59.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287687/; classtype:trojan-activity;sid:84150787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287688)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.233.254.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287688/; classtype:trojan-activity;sid:84150788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.193.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287683/; classtype:trojan-activity;sid:84150783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.34.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287684/; classtype:trojan-activity;sid:84150784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287685)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"122.51.10.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287685/; classtype:trojan-activity;sid:84150785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287686)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.207.196.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287686/; classtype:trojan-activity;sid:84150786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287682)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.215.238.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287682/; classtype:trojan-activity;sid:84150782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287681)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.113.231.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287681/; classtype:trojan-activity;sid:84150781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287679)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.105.204.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287679/; classtype:trojan-activity;sid:84150779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287680)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.45.19.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287680/; classtype:trojan-activity;sid:84150780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287678)"; flow:established,from_client; content:"GET"; http_method; content:"/synaptics.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"boostcreatives-ai.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287678/; classtype:trojan-activity;sid:84150778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287673)"; flow:established,from_client; content:"GET"; http_method; content:"/5.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"efaoehfohahighiee.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287673/; classtype:trojan-activity;sid:84150773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287674)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.6.130.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287674/; classtype:trojan-activity;sid:84150774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.245.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287675/; classtype:trojan-activity;sid:84150775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287676)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.6.130.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287676/; classtype:trojan-activity;sid:84150776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287677)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.6.130.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287677/; classtype:trojan-activity;sid:84150777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287665)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.6.130.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287665/; classtype:trojan-activity;sid:84150765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287666)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.6.130.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287666/; classtype:trojan-activity;sid:84150766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287667)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"20.6.130.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287667/; classtype:trojan-activity;sid:84150767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287668)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.6.130.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287668/; classtype:trojan-activity;sid:84150768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287669)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.6.130.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287669/; classtype:trojan-activity;sid:84150769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287670)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.6.130.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287670/; classtype:trojan-activity;sid:84150770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287671)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.6.130.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287671/; classtype:trojan-activity;sid:84150771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287672)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.6.130.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287672/; classtype:trojan-activity;sid:84150772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287656)"; flow:established,from_client; content:"GET"; http_method; content:"/6.hta"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"new-tech-savvy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287656/; classtype:trojan-activity;sid:84150756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287657)"; flow:established,from_client; content:"GET"; http_method; content:"/5.hta"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"new-tech-savvy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287657/; classtype:trojan-activity;sid:84150757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287658)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287658/; classtype:trojan-activity;sid:84150758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287659)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.215.238.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287659/; classtype:trojan-activity;sid:84150759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287660)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"178.215.238.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287660/; classtype:trojan-activity;sid:84150760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287661)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287661/; classtype:trojan-activity;sid:84150761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287662)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287662/; classtype:trojan-activity;sid:84150762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287663)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.215.238.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287663/; classtype:trojan-activity;sid:84150763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287664)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287664/; classtype:trojan-activity;sid:84150764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287653)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287653/; classtype:trojan-activity;sid:84150753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287654)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287654/; classtype:trojan-activity;sid:84150754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287655)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.215.238.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287655/; classtype:trojan-activity;sid:84150755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287652)"; flow:established,from_client; content:"GET"; http_method; content:"/xclientxbx.b64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.96.10.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287652/; classtype:trojan-activity;sid:84150752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.233.119.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287651/; classtype:trojan-activity;sid:84150751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.188.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287650/; classtype:trojan-activity;sid:84150750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.31.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287649/; classtype:trojan-activity;sid:84150749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.205.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287648/; classtype:trojan-activity;sid:84150748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.201.197.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287647/; classtype:trojan-activity;sid:84150747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.205.99.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287638/; classtype:trojan-activity;sid:84150738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287639/; classtype:trojan-activity;sid:84150739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.171.188.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287640/; classtype:trojan-activity;sid:84150740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287641/; classtype:trojan-activity;sid:84150741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287642/; classtype:trojan-activity;sid:84150742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287643/; classtype:trojan-activity;sid:84150743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287644/; classtype:trojan-activity;sid:84150744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.166.191.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287645/; classtype:trojan-activity;sid:84150745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.119.43.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287646/; classtype:trojan-activity;sid:84150746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.121.12.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287632/; classtype:trojan-activity;sid:84150732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.136.227.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287633/; classtype:trojan-activity;sid:84150733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.96.209.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287634/; classtype:trojan-activity;sid:84150734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.255.247.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287635/; classtype:trojan-activity;sid:84150735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.127.218.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287636/; classtype:trojan-activity;sid:84150736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287637/; classtype:trojan-activity;sid:84150737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.131.65.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287631/; classtype:trojan-activity;sid:84150731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287630)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jzyk.strategies.mvpstrat.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287630/; classtype:trojan-activity;sid:84150730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.39.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287629/; classtype:trojan-activity;sid:84150729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.149.247.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287628/; classtype:trojan-activity;sid:84150728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.133.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287626/; classtype:trojan-activity;sid:84150726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.1.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287627/; classtype:trojan-activity;sid:84150727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.95.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287625/; classtype:trojan-activity;sid:84150725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.120.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287624/; classtype:trojan-activity;sid:84150724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.132.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287623/; classtype:trojan-activity;sid:84150723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287622/; classtype:trojan-activity;sid:84150722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.172.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287621/; classtype:trojan-activity;sid:84150721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.156.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287620/; classtype:trojan-activity;sid:84150720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.143.104.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287619/; classtype:trojan-activity;sid:84150719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.94.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287618/; classtype:trojan-activity;sid:84150718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.109.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287617/; classtype:trojan-activity;sid:84150717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.90.3.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287616/; classtype:trojan-activity;sid:84150716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.92.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287615/; classtype:trojan-activity;sid:84150715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.232.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287614/; classtype:trojan-activity;sid:84150714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.3.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287613/; classtype:trojan-activity;sid:84150713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.173.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287612/; classtype:trojan-activity;sid:84150712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.46.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287611/; classtype:trojan-activity;sid:84150711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.44.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287610/; classtype:trojan-activity;sid:84150710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.46.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287609/; classtype:trojan-activity;sid:84150709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.62.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287608/; classtype:trojan-activity;sid:84150708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.248.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287607/; classtype:trojan-activity;sid:84150707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.183.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287606/; classtype:trojan-activity;sid:84150706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287605/; classtype:trojan-activity;sid:84150705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.84.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287604/; classtype:trojan-activity;sid:84150704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.113.132.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287603/; classtype:trojan-activity;sid:84150703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.61.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287602/; classtype:trojan-activity;sid:84150702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.105.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287601/; classtype:trojan-activity;sid:84150701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.232.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287600/; classtype:trojan-activity;sid:84150700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.31.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287599/; classtype:trojan-activity;sid:84150699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.101.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287598/; classtype:trojan-activity;sid:84150698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.85.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287597/; classtype:trojan-activity;sid:84150697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.237.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287596/; classtype:trojan-activity;sid:84150696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.46.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287595/; classtype:trojan-activity;sid:84150695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.98.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287594/; classtype:trojan-activity;sid:84150694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.50.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287593/; classtype:trojan-activity;sid:84150693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287592/; classtype:trojan-activity;sid:84150692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.154.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287591/; classtype:trojan-activity;sid:84150691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.105.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287590/; classtype:trojan-activity;sid:84150690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.35.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287589/; classtype:trojan-activity;sid:84150689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.29.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287588/; classtype:trojan-activity;sid:84150688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.198.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287587/; classtype:trojan-activity;sid:84150687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.205.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287586/; classtype:trojan-activity;sid:84150686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.120.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287585/; classtype:trojan-activity;sid:84150685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.151.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287583/; classtype:trojan-activity;sid:84150683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.61.103.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287584/; classtype:trojan-activity;sid:84150684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.126.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287582/; classtype:trojan-activity;sid:84150682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.90.191"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287581/; classtype:trojan-activity;sid:84150681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.50.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287580/; classtype:trojan-activity;sid:84150680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.118.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287579/; classtype:trojan-activity;sid:84150679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.50.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287578/; classtype:trojan-activity;sid:84150678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.120.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287577/; classtype:trojan-activity;sid:84150677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.167.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287576/; classtype:trojan-activity;sid:84150676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.238.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287575/; classtype:trojan-activity;sid:84150675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.103.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287574/; classtype:trojan-activity;sid:84150674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.185.9.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287573/; classtype:trojan-activity;sid:84150673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.151.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287572/; classtype:trojan-activity;sid:84150672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.80.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287571/; classtype:trojan-activity;sid:84150671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.154.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287570/; classtype:trojan-activity;sid:84150670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.148.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287569/; classtype:trojan-activity;sid:84150669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.51.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287568/; classtype:trojan-activity;sid:84150668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.50.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287567/; classtype:trojan-activity;sid:84150667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.190.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287566/; classtype:trojan-activity;sid:84150666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.242.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287565/; classtype:trojan-activity;sid:84150665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.171.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287564/; classtype:trojan-activity;sid:84150664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.162.157.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287563/; classtype:trojan-activity;sid:84150663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.87.120.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287562/; classtype:trojan-activity;sid:84150662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287555)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"191.96.235.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287555/; classtype:trojan-activity;sid:84150655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287556)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"191.96.235.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287556/; classtype:trojan-activity;sid:84150656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287557)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"191.96.235.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287557/; classtype:trojan-activity;sid:84150657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287558)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"191.96.235.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287558/; classtype:trojan-activity;sid:84150658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287559)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"191.96.235.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287559/; classtype:trojan-activity;sid:84150659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287560)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"191.96.235.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287560/; classtype:trojan-activity;sid:84150660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287561)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"191.96.235.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287561/; classtype:trojan-activity;sid:84150661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287554)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"191.96.235.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287554/; classtype:trojan-activity;sid:84150654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287552)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"191.96.235.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287552/; classtype:trojan-activity;sid:84150652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287553)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"191.96.235.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287553/; classtype:trojan-activity;sid:84150653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287551)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"191.96.235.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287551/; classtype:trojan-activity;sid:84150651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.31.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287550/; classtype:trojan-activity;sid:84150650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.86.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287549/; classtype:trojan-activity;sid:84150649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.179.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287548/; classtype:trojan-activity;sid:84150648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.192.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287547/; classtype:trojan-activity;sid:84150647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.173.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287546/; classtype:trojan-activity;sid:84150646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.213.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287545/; classtype:trojan-activity;sid:84150645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.117.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287544/; classtype:trojan-activity;sid:84150644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.49.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287543/; classtype:trojan-activity;sid:84150643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.19.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287541/; classtype:trojan-activity;sid:84150641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.117.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287542/; classtype:trojan-activity;sid:84150642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.7.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287540/; classtype:trojan-activity;sid:84150640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.64.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287539/; classtype:trojan-activity;sid:84150639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.159.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287538/; classtype:trojan-activity;sid:84150638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.140.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287537/; classtype:trojan-activity;sid:84150637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.158.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287536/; classtype:trojan-activity;sid:84150636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.10.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287535/; classtype:trojan-activity;sid:84150635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.162.157.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287534/; classtype:trojan-activity;sid:84150634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287532/; classtype:trojan-activity;sid:84150632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.80.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287533/; classtype:trojan-activity;sid:84150633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.171.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287531/; classtype:trojan-activity;sid:84150631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.204.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287530/; classtype:trojan-activity;sid:84150630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.124.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287529/; classtype:trojan-activity;sid:84150629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.157.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287528/; classtype:trojan-activity;sid:84150628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.148.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287525/; classtype:trojan-activity;sid:84150625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287526)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"206.238.179.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287526/; classtype:trojan-activity;sid:84150626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287527)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"206.119.81.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287527/; classtype:trojan-activity;sid:84150627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287523)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.19.164.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287523/; classtype:trojan-activity;sid:84150623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287524)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.61.84.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287524/; classtype:trojan-activity;sid:84150624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.192.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287522/; classtype:trojan-activity;sid:84150622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.104.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287521/; classtype:trojan-activity;sid:84150621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.163.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287520/; classtype:trojan-activity;sid:84150620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287519/; classtype:trojan-activity;sid:84150619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.116.122.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287518/; classtype:trojan-activity;sid:84150618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.140.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287517/; classtype:trojan-activity;sid:84150617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.63.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287516/; classtype:trojan-activity;sid:84150616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.122.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287515/; classtype:trojan-activity;sid:84150615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287514/; classtype:trojan-activity;sid:84150614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.120.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287513/; classtype:trojan-activity;sid:84150613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.192.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287512/; classtype:trojan-activity;sid:84150612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.255.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287511/; classtype:trojan-activity;sid:84150611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.7.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287510/; classtype:trojan-activity;sid:84150610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.76.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287509/; classtype:trojan-activity;sid:84150609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.126.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287508/; classtype:trojan-activity;sid:84150608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.24.209"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287507/; classtype:trojan-activity;sid:84150607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287506/; classtype:trojan-activity;sid:84150606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.83.176.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287505/; classtype:trojan-activity;sid:84150605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.9.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287504/; classtype:trojan-activity;sid:84150604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.82.156.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287503/; classtype:trojan-activity;sid:84150603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.163.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287502/; classtype:trojan-activity;sid:84150602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.37.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287500/; classtype:trojan-activity;sid:84150600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.156.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287501/; classtype:trojan-activity;sid:84150601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.92.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287499/; classtype:trojan-activity;sid:84150599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.63.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287498/; classtype:trojan-activity;sid:84150598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.50.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287497/; classtype:trojan-activity;sid:84150597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.241.176.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287496/; classtype:trojan-activity;sid:84150596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.199.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287495/; classtype:trojan-activity;sid:84150595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.143.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287494/; classtype:trojan-activity;sid:84150594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.21.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287493/; classtype:trojan-activity;sid:84150593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287491/; classtype:trojan-activity;sid:84150591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.172.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287492/; classtype:trojan-activity;sid:84150592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.137.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287490/; classtype:trojan-activity;sid:84150590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.14.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287489/; classtype:trojan-activity;sid:84150589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.194.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287488/; classtype:trojan-activity;sid:84150588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.224.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287487/; classtype:trojan-activity;sid:84150587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.64.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287486/; classtype:trojan-activity;sid:84150586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287485/; classtype:trojan-activity;sid:84150585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.58.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287484/; classtype:trojan-activity;sid:84150584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.14.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287483/; classtype:trojan-activity;sid:84150583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.10.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287482/; classtype:trojan-activity;sid:84150582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.26.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287481/; classtype:trojan-activity;sid:84150581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.92.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287480/; classtype:trojan-activity;sid:84150580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287479/; classtype:trojan-activity;sid:84150579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.31.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287478/; classtype:trojan-activity;sid:84150578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.143.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287477/; classtype:trojan-activity;sid:84150577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.170.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287476/; classtype:trojan-activity;sid:84150576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.152.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287475/; classtype:trojan-activity;sid:84150575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.245.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287474/; classtype:trojan-activity;sid:84150574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.156.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287473/; classtype:trojan-activity;sid:84150573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.15.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287472/; classtype:trojan-activity;sid:84150572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.65.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287471/; classtype:trojan-activity;sid:84150571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.169.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287470/; classtype:trojan-activity;sid:84150570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.121.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287469/; classtype:trojan-activity;sid:84150569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287468/; classtype:trojan-activity;sid:84150568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.194.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287467/; classtype:trojan-activity;sid:84150567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.58.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287466/; classtype:trojan-activity;sid:84150566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287465/; classtype:trojan-activity;sid:84150565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287464)"; flow:established,from_client; content:"GET"; http_method; content:"/webdav/team_performance_report(2024-11).docx.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"download.swire-pacific.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287464/; classtype:trojan-activity;sid:84150564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287463)"; flow:established,from_client; content:"GET"; http_method; content:"/webdav/25-26_salary_adjustment.docx.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"download.swire-pacific.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287463/; classtype:trojan-activity;sid:84150563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.103.68.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287462/; classtype:trojan-activity;sid:84150562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.123.102.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287461/; classtype:trojan-activity;sid:84150561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287459)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.8.81.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287459/; classtype:trojan-activity;sid:84150559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.64.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287460/; classtype:trojan-activity;sid:84150560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.169.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287458/; classtype:trojan-activity;sid:84150558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.114.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287457/; classtype:trojan-activity;sid:84150557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.242.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287456/; classtype:trojan-activity;sid:84150556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287455/; classtype:trojan-activity;sid:84150555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.246.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287454/; classtype:trojan-activity;sid:84150554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.255.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287453/; classtype:trojan-activity;sid:84150553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.50.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287452/; classtype:trojan-activity;sid:84150552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.118.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287450/; classtype:trojan-activity;sid:84150550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.31.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287451/; classtype:trojan-activity;sid:84150551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.182.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287449/; classtype:trojan-activity;sid:84150549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.248.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287448/; classtype:trojan-activity;sid:84150548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287447)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"zmscf.events.socalpocis.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287447/; classtype:trojan-activity;sid:84150547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.40.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287446/; classtype:trojan-activity;sid:84150546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.189.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287445/; classtype:trojan-activity;sid:84150545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.146.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287444/; classtype:trojan-activity;sid:84150544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.176.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287443/; classtype:trojan-activity;sid:84150543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.117.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287442/; classtype:trojan-activity;sid:84150542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.217.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287441/; classtype:trojan-activity;sid:84150541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287440)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.227.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287440/; classtype:trojan-activity;sid:84150540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.242.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287439/; classtype:trojan-activity;sid:84150539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.177.36.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287438/; classtype:trojan-activity;sid:84150538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.26.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287437/; classtype:trojan-activity;sid:84150537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287436/; classtype:trojan-activity;sid:84150536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.80.200.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287435/; classtype:trojan-activity;sid:84150535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287433/; classtype:trojan-activity;sid:84150533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287434)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uuaszjss_f1deqe1a8-hwmk3m5sisl8o"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287434/; classtype:trojan-activity;sid:84150534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287432)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/gh/creatingnextleeverthingswithentireprocessgetitinonlineback.hta"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"192.3.176.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287432/; classtype:trojan-activity;sid:84150532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.81.247.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287431/; classtype:trojan-activity;sid:84150531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.62.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287429/; classtype:trojan-activity;sid:84150529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.188.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287430/; classtype:trojan-activity;sid:84150530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.102.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287428/; classtype:trojan-activity;sid:84150528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.70.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287427/; classtype:trojan-activity;sid:84150527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.248.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287426/; classtype:trojan-activity;sid:84150526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.40.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287425/; classtype:trojan-activity;sid:84150525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.80.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287424/; classtype:trojan-activity;sid:84150524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.144.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287423/; classtype:trojan-activity;sid:84150523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.102.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287422/; classtype:trojan-activity;sid:84150522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"206.85.166.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287421/; classtype:trojan-activity;sid:84150521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.177.36.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287420/; classtype:trojan-activity;sid:84150520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.21.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287419/; classtype:trojan-activity;sid:84150519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.224.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287418/; classtype:trojan-activity;sid:84150518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.208.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287416/; classtype:trojan-activity;sid:84150516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.203.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287417/; classtype:trojan-activity;sid:84150517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287415)"; flow:established,from_client; content:"GET"; http_method; content:"/rlljgnfmbdzut44.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"212.162.149.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287415/; classtype:trojan-activity;sid:84150515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287414)"; flow:established,from_client; content:"GET"; http_method; content:"/fyjjzdxnggcbdwfmzh209.bin"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mertvinc.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287414/; classtype:trojan-activity;sid:84150514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.74.249"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287413/; classtype:trojan-activity;sid:84150513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.116.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287412/; classtype:trojan-activity;sid:84150512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287410)"; flow:established,from_client; content:"GET"; http_method; content:"/qvmezflljcc194.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.141.120.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287410/; classtype:trojan-activity;sid:84150510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287411)"; flow:established,from_client; content:"GET"; http_method; content:"/mvwoluxbrkywqsu236.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"93.123.109.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287411/; classtype:trojan-activity;sid:84150511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.98.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287406/; classtype:trojan-activity;sid:84150506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.2.88.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287407/; classtype:trojan-activity;sid:84150507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.84.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287408/; classtype:trojan-activity;sid:84150508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.247.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287409/; classtype:trojan-activity;sid:84150509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.60.238.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287405/; classtype:trojan-activity;sid:84150505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.126.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287404/; classtype:trojan-activity;sid:84150504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.188.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287403/; classtype:trojan-activity;sid:84150503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.241.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287402/; classtype:trojan-activity;sid:84150502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.29.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287401/; classtype:trojan-activity;sid:84150501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.167.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287399/; classtype:trojan-activity;sid:84150499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.156.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287400/; classtype:trojan-activity;sid:84150500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.219.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287398/; classtype:trojan-activity;sid:84150498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.245.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287397/; classtype:trojan-activity;sid:84150497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.235.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287395/; classtype:trojan-activity;sid:84150495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.144.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287396/; classtype:trojan-activity;sid:84150496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.25.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287394/; classtype:trojan-activity;sid:84150494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.110.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287393/; classtype:trojan-activity;sid:84150493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.36.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287392/; classtype:trojan-activity;sid:84150492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.241.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287391/; classtype:trojan-activity;sid:84150491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287387)"; flow:established,from_client; content:"GET"; http_method; content:"/amen.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.217.246.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287387/; classtype:trojan-activity;sid:84150487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287388)"; flow:established,from_client; content:"GET"; http_method; content:"/amen.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.217.246.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287388/; classtype:trojan-activity;sid:84150488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287389)"; flow:established,from_client; content:"GET"; http_method; content:"/amen.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.217.246.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287389/; classtype:trojan-activity;sid:84150489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287390)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown.gif"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"67.217.246.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287390/; classtype:trojan-activity;sid:84150490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287376)"; flow:established,from_client; content:"GET"; http_method; content:"/amen.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.217.246.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287376/; classtype:trojan-activity;sid:84150476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287377)"; flow:established,from_client; content:"GET"; http_method; content:"/amen.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.217.246.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287377/; classtype:trojan-activity;sid:84150477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287378)"; flow:established,from_client; content:"GET"; http_method; content:"/amen.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.217.246.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287378/; classtype:trojan-activity;sid:84150478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287379)"; flow:established,from_client; content:"GET"; http_method; content:"/amen.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.217.246.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287379/; classtype:trojan-activity;sid:84150479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287380)"; flow:established,from_client; content:"GET"; http_method; content:"/blank.gif"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.217.246.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287380/; classtype:trojan-activity;sid:84150480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287381)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl.b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.246.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287381/; classtype:trojan-activity;sid:84150481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287382)"; flow:established,from_client; content:"GET"; http_method; content:"/amen.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.217.246.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287382/; classtype:trojan-activity;sid:84150482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287383)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.b"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"67.217.246.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287383/; classtype:trojan-activity;sid:84150483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287384)"; flow:established,from_client; content:"GET"; http_method; content:"/back.gif"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.217.246.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287384/; classtype:trojan-activity;sid:84150484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287385)"; flow:established,from_client; content:"GET"; http_method; content:"/folder.gif"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"67.217.246.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287385/; classtype:trojan-activity;sid:84150485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287386)"; flow:established,from_client; content:"GET"; http_method; content:"/svhost.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"101.43.83.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287386/; classtype:trojan-activity;sid:84150486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287374)"; flow:established,from_client; content:"GET"; http_method; content:"/url|3f|q=https://dl.dropboxusercontent.com/scl/fi/1b3qdpnqx1ho46tgb7h7u/2oficio-nro-192-notificaci-n-judicial-auto-admisorio-demanda-laboral-esm.tar.uue.tar.001|3f|rlkey%3dkv7tv4v03hjp1cwycaiagq3fh%26st%3dlmaolu0a%26dl%3d0|7c|26|7c|sa=d|7c|26|7c|source=editors|7c|26|7c|ust=1731015340766663|7c|26|7c|usg=aovvaw2rsmsqqje6sw6bllmajpes"; http_uri; depth:333; isdataat:!1,relative; nocase; content:"www.google.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287374/; classtype:trojan-activity;sid:84150474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287375)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/sw/seethebestthingswithgreatthingstobefrankwithme.tif"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"107.172.148.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287375/; classtype:trojan-activity;sid:84150475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.176.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287373/; classtype:trojan-activity;sid:84150473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287372/; classtype:trojan-activity;sid:84150472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.126.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287371/; classtype:trojan-activity;sid:84150471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.244.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287370/; classtype:trojan-activity;sid:84150470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.224.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287369/; classtype:trojan-activity;sid:84150469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287368/; classtype:trojan-activity;sid:84150468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.122.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287367/; classtype:trojan-activity;sid:84150467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287366/; classtype:trojan-activity;sid:84150466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.245.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287365/; classtype:trojan-activity;sid:84150465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.15.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287364/; classtype:trojan-activity;sid:84150464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287363/; classtype:trojan-activity;sid:84150463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287362/; classtype:trojan-activity;sid:84150462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.119.193.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287360/; classtype:trojan-activity;sid:84150460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.98.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287361/; classtype:trojan-activity;sid:84150461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.219.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287359/; classtype:trojan-activity;sid:84150459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.2.165"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287358/; classtype:trojan-activity;sid:84150458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.86.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287357/; classtype:trojan-activity;sid:84150457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.110.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287356/; classtype:trojan-activity;sid:84150456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.235.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287355/; classtype:trojan-activity;sid:84150455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.68.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287354/; classtype:trojan-activity;sid:84150454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.36.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287353/; classtype:trojan-activity;sid:84150453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.114.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287352/; classtype:trojan-activity;sid:84150452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.146.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287351/; classtype:trojan-activity;sid:84150451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.50.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287350/; classtype:trojan-activity;sid:84150450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.150.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287349/; classtype:trojan-activity;sid:84150449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.21.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287348/; classtype:trojan-activity;sid:84150448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.42.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287347/; classtype:trojan-activity;sid:84150447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.37.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287346/; classtype:trojan-activity;sid:84150446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.112.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287345/; classtype:trojan-activity;sid:84150445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.29.109.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287343/; classtype:trojan-activity;sid:84150443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.213.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287344/; classtype:trojan-activity;sid:84150444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.115.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287342/; classtype:trojan-activity;sid:84150442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.211.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287341/; classtype:trojan-activity;sid:84150441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.31.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287340/; classtype:trojan-activity;sid:84150440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.153.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287339/; classtype:trojan-activity;sid:84150439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.2.165"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287338/; classtype:trojan-activity;sid:84150438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.119.193.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287337/; classtype:trojan-activity;sid:84150437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.59.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287336/; classtype:trojan-activity;sid:84150436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.252.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287335/; classtype:trojan-activity;sid:84150435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.106.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287334/; classtype:trojan-activity;sid:84150434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.27.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287333/; classtype:trojan-activity;sid:84150433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.146.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287332/; classtype:trojan-activity;sid:84150432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287331/; classtype:trojan-activity;sid:84150431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.12.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287330/; classtype:trojan-activity;sid:84150430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.80.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287329/; classtype:trojan-activity;sid:84150429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.120.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287328/; classtype:trojan-activity;sid:84150428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.237.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287326/; classtype:trojan-activity;sid:84150426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.100.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287327/; classtype:trojan-activity;sid:84150427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.127.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287324/; classtype:trojan-activity;sid:84150424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.211.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287325/; classtype:trojan-activity;sid:84150425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.106.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287323/; classtype:trojan-activity;sid:84150423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.31.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287322/; classtype:trojan-activity;sid:84150422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.8.127"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287321/; classtype:trojan-activity;sid:84150421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.56.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287320/; classtype:trojan-activity;sid:84150420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.136.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287319/; classtype:trojan-activity;sid:84150419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.183.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287317/; classtype:trojan-activity;sid:84150417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.172.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287318/; classtype:trojan-activity;sid:84150418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.48.14"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287316/; classtype:trojan-activity;sid:84150416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.247.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287315/; classtype:trojan-activity;sid:84150415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.25.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287314/; classtype:trojan-activity;sid:84150414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.149.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287313/; classtype:trojan-activity;sid:84150413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.162.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287312/; classtype:trojan-activity;sid:84150412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.35.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287311/; classtype:trojan-activity;sid:84150411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.21.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287310/; classtype:trojan-activity;sid:84150410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.88.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287309/; classtype:trojan-activity;sid:84150409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.125.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287308/; classtype:trojan-activity;sid:84150408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.74.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287307/; classtype:trojan-activity;sid:84150407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.21.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287306/; classtype:trojan-activity;sid:84150406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.114.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287305/; classtype:trojan-activity;sid:84150405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.56.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287304/; classtype:trojan-activity;sid:84150404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.209.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287302/; classtype:trojan-activity;sid:84150402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.238.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287303/; classtype:trojan-activity;sid:84150403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.47.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287301/; classtype:trojan-activity;sid:84150401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.172.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287300/; classtype:trojan-activity;sid:84150400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287299/; classtype:trojan-activity;sid:84150399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.237.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287298/; classtype:trojan-activity;sid:84150398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.62.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287296/; classtype:trojan-activity;sid:84150396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.35.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287297/; classtype:trojan-activity;sid:84150397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.59.102.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287295/; classtype:trojan-activity;sid:84150395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.100.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287294/; classtype:trojan-activity;sid:84150394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.110.13.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287293/; classtype:trojan-activity;sid:84150393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.57.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287292/; classtype:trojan-activity;sid:84150392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.80.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287290/; classtype:trojan-activity;sid:84150390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.90.191"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287291/; classtype:trojan-activity;sid:84150391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.43.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287288/; classtype:trojan-activity;sid:84150388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.181.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287289/; classtype:trojan-activity;sid:84150389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.238.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287286/; classtype:trojan-activity;sid:84150386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.152.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287287/; classtype:trojan-activity;sid:84150387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.214.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287285/; classtype:trojan-activity;sid:84150385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.117.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287284/; classtype:trojan-activity;sid:84150384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.74.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287283/; classtype:trojan-activity;sid:84150383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.88.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287282/; classtype:trojan-activity;sid:84150382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.209.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287281/; classtype:trojan-activity;sid:84150381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.179.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287280/; classtype:trojan-activity;sid:84150380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287279/; classtype:trojan-activity;sid:84150379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.195.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287278/; classtype:trojan-activity;sid:84150378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.114.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287277/; classtype:trojan-activity;sid:84150377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.75.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287276/; classtype:trojan-activity;sid:84150376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.208.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287275/; classtype:trojan-activity;sid:84150375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.110.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287274/; classtype:trojan-activity;sid:84150374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.125.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287273/; classtype:trojan-activity;sid:84150373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.69.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287272/; classtype:trojan-activity;sid:84150372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.142.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287271/; classtype:trojan-activity;sid:84150371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.118.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287270/; classtype:trojan-activity;sid:84150370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.60.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287269/; classtype:trojan-activity;sid:84150369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.43.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287268/; classtype:trojan-activity;sid:84150368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.101.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287267/; classtype:trojan-activity;sid:84150367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.235.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287266/; classtype:trojan-activity;sid:84150366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.74.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287265/; classtype:trojan-activity;sid:84150365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.184.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287264/; classtype:trojan-activity;sid:84150364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.76.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287263/; classtype:trojan-activity;sid:84150363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.155.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287262/; classtype:trojan-activity;sid:84150362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.100.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287261/; classtype:trojan-activity;sid:84150361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.200.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287260/; classtype:trojan-activity;sid:84150360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287259)"; flow:established,from_client; content:"GET"; http_method; content:"/files/file1.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287259/; classtype:trojan-activity;sid:84150359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.230.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287258/; classtype:trojan-activity;sid:84150358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.7.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287257/; classtype:trojan-activity;sid:84150357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.125.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287256/; classtype:trojan-activity;sid:84150356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.244.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287255/; classtype:trojan-activity;sid:84150355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.180.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287254/; classtype:trojan-activity;sid:84150354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287253/; classtype:trojan-activity;sid:84150353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.27.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287252/; classtype:trojan-activity;sid:84150352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.93.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287251/; classtype:trojan-activity;sid:84150351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.239.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287250/; classtype:trojan-activity;sid:84150350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.32.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287249/; classtype:trojan-activity;sid:84150349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.93.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287248/; classtype:trojan-activity;sid:84150348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.60.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287247/; classtype:trojan-activity;sid:84150347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.125.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287246/; classtype:trojan-activity;sid:84150346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.180.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287245/; classtype:trojan-activity;sid:84150345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.251.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287244/; classtype:trojan-activity;sid:84150344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287243/; classtype:trojan-activity;sid:84150343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.159.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287242/; classtype:trojan-activity;sid:84150342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.181.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287241/; classtype:trojan-activity;sid:84150341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.138.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287240/; classtype:trojan-activity;sid:84150340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.226.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287239/; classtype:trojan-activity;sid:84150339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.113.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287238/; classtype:trojan-activity;sid:84150338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.235.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287237/; classtype:trojan-activity;sid:84150337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.3.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287236/; classtype:trojan-activity;sid:84150336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.207.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287235/; classtype:trojan-activity;sid:84150335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.54.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287234/; classtype:trojan-activity;sid:84150334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287233/; classtype:trojan-activity;sid:84150333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.231.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287232/; classtype:trojan-activity;sid:84150332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287231/; classtype:trojan-activity;sid:84150331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.117.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287230/; classtype:trojan-activity;sid:84150330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.52.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287229/; classtype:trojan-activity;sid:84150329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.223.218.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287228/; classtype:trojan-activity;sid:84150328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.93.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287227/; classtype:trojan-activity;sid:84150327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.162.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287226/; classtype:trojan-activity;sid:84150326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.244.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287225/; classtype:trojan-activity;sid:84150325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.239.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287224/; classtype:trojan-activity;sid:84150324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.109.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287223/; classtype:trojan-activity;sid:84150323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.214.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287222/; classtype:trojan-activity;sid:84150322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.154.80.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287221/; classtype:trojan-activity;sid:84150321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.107.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287220/; classtype:trojan-activity;sid:84150320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.21.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287219/; classtype:trojan-activity;sid:84150319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.181.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287218/; classtype:trojan-activity;sid:84150318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.226.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287217/; classtype:trojan-activity;sid:84150317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.207.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287216/; classtype:trojan-activity;sid:84150316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.242.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287214/; classtype:trojan-activity;sid:84150314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.242.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287215/; classtype:trojan-activity;sid:84150315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.7.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287213/; classtype:trojan-activity;sid:84150313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.44.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287212/; classtype:trojan-activity;sid:84150312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287210)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.8.31.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287210/; classtype:trojan-activity;sid:84150310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.248.113.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287211/; classtype:trojan-activity;sid:84150311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.179.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287208/; classtype:trojan-activity;sid:84150308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.145.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287209/; classtype:trojan-activity;sid:84150309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.180.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287207/; classtype:trojan-activity;sid:84150307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.252.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287206/; classtype:trojan-activity;sid:84150306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.77.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287205/; classtype:trojan-activity;sid:84150305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.54.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287204/; classtype:trojan-activity;sid:84150304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.241.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287203/; classtype:trojan-activity;sid:84150303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.231.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287202/; classtype:trojan-activity;sid:84150302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.173.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287201/; classtype:trojan-activity;sid:84150301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.109.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287200/; classtype:trojan-activity;sid:84150300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.162.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287199/; classtype:trojan-activity;sid:84150299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.11.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287198/; classtype:trojan-activity;sid:84150298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.213.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287197/; classtype:trojan-activity;sid:84150297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.214.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287196/; classtype:trojan-activity;sid:84150296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.44.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287195/; classtype:trojan-activity;sid:84150295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.86.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287194/; classtype:trojan-activity;sid:84150294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.121.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287193/; classtype:trojan-activity;sid:84150293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.239.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287192/; classtype:trojan-activity;sid:84150292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.242.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287191/; classtype:trojan-activity;sid:84150291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.77.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287190/; classtype:trojan-activity;sid:84150290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287189/; classtype:trojan-activity;sid:84150289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.245.2.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287187/; classtype:trojan-activity;sid:84150287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.91.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287188/; classtype:trojan-activity;sid:84150288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287186)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.45.65.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287186/; classtype:trojan-activity;sid:84150286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.128.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287185/; classtype:trojan-activity;sid:84150285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.252.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287184/; classtype:trojan-activity;sid:84150284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.109.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287183/; classtype:trojan-activity;sid:84150283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.163.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287182/; classtype:trojan-activity;sid:84150282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.112.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287181/; classtype:trojan-activity;sid:84150281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.83.145"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287180/; classtype:trojan-activity;sid:84150280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.39.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287179/; classtype:trojan-activity;sid:84150279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.94.181.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287175/; classtype:trojan-activity;sid:84150275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.134.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287176/; classtype:trojan-activity;sid:84150276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.220.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287177/; classtype:trojan-activity;sid:84150277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.32.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287178/; classtype:trojan-activity;sid:84150278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.60.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287174/; classtype:trojan-activity;sid:84150274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.37.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287172/; classtype:trojan-activity;sid:84150272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.108.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287173/; classtype:trojan-activity;sid:84150273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.201.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287171/; classtype:trojan-activity;sid:84150271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.24.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287170/; classtype:trojan-activity;sid:84150270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.171.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287169/; classtype:trojan-activity;sid:84150269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.83.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287168/; classtype:trojan-activity;sid:84150268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.224.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287167/; classtype:trojan-activity;sid:84150267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.181.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287166/; classtype:trojan-activity;sid:84150266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.245.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287165/; classtype:trojan-activity;sid:84150265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.11.56.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287164/; classtype:trojan-activity;sid:84150264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.210.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287163/; classtype:trojan-activity;sid:84150263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.239.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287162/; classtype:trojan-activity;sid:84150262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.121.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287161/; classtype:trojan-activity;sid:84150261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.76.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287160/; classtype:trojan-activity;sid:84150260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.9.248"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287159/; classtype:trojan-activity;sid:84150259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.6.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287158/; classtype:trojan-activity;sid:84150258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.32.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287157/; classtype:trojan-activity;sid:84150257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.225.85.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287155/; classtype:trojan-activity;sid:84150255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.171.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287156/; classtype:trojan-activity;sid:84150256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.128.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287153/; classtype:trojan-activity;sid:84150253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.84.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287154/; classtype:trojan-activity;sid:84150254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.192.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287151/; classtype:trojan-activity;sid:84150251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.170.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287152/; classtype:trojan-activity;sid:84150252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.162.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287150/; classtype:trojan-activity;sid:84150250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.32.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287149/; classtype:trojan-activity;sid:84150249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.212.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287148/; classtype:trojan-activity;sid:84150248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287147/; classtype:trojan-activity;sid:84150247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.173.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287146/; classtype:trojan-activity;sid:84150246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.94.181.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287145/; classtype:trojan-activity;sid:84150245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.75.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287144/; classtype:trojan-activity;sid:84150244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.214.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287143/; classtype:trojan-activity;sid:84150243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.181.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287142/; classtype:trojan-activity;sid:84150242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.227.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287141/; classtype:trojan-activity;sid:84150241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287140/; classtype:trojan-activity;sid:84150240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.11.56.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287139/; classtype:trojan-activity;sid:84150239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287138)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.254.13.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287138/; classtype:trojan-activity;sid:84150238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.234.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287136/; classtype:trojan-activity;sid:84150236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.61.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287137/; classtype:trojan-activity;sid:84150237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.213.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287134/; classtype:trojan-activity;sid:84150234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.119.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287135/; classtype:trojan-activity;sid:84150235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.58.179.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287133/; classtype:trojan-activity;sid:84150233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.211.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287131/; classtype:trojan-activity;sid:84150231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287132/; classtype:trojan-activity;sid:84150232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.29.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287130/; classtype:trojan-activity;sid:84150230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.76.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287129/; classtype:trojan-activity;sid:84150229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.170.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287128/; classtype:trojan-activity;sid:84150228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287127)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.12.193.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287127/; classtype:trojan-activity;sid:84150227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.6.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287126/; classtype:trojan-activity;sid:84150226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.108.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287125/; classtype:trojan-activity;sid:84150225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.146.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287124/; classtype:trojan-activity;sid:84150224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.235.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287123/; classtype:trojan-activity;sid:84150223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.23.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287122/; classtype:trojan-activity;sid:84150222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.194.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287121/; classtype:trojan-activity;sid:84150221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.173.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287120/; classtype:trojan-activity;sid:84150220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.214.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287119/; classtype:trojan-activity;sid:84150219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.209.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287117/; classtype:trojan-activity;sid:84150217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.35.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287118/; classtype:trojan-activity;sid:84150218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.192.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287116/; classtype:trojan-activity;sid:84150216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287115/; classtype:trojan-activity;sid:84150215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.213.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287114/; classtype:trojan-activity;sid:84150214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.21.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287113/; classtype:trojan-activity;sid:84150213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.160.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287112/; classtype:trojan-activity;sid:84150212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.61.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287111/; classtype:trojan-activity;sid:84150211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.66.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287110/; classtype:trojan-activity;sid:84150210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.211.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287109/; classtype:trojan-activity;sid:84150209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.212.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287108/; classtype:trojan-activity;sid:84150208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.149.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287107/; classtype:trojan-activity;sid:84150207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.119.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287106/; classtype:trojan-activity;sid:84150206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.234.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287105/; classtype:trojan-activity;sid:84150205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.166.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287104/; classtype:trojan-activity;sid:84150204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.6.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287103/; classtype:trojan-activity;sid:84150203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.255.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287102/; classtype:trojan-activity;sid:84150202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.173.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287101/; classtype:trojan-activity;sid:84150201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.108.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287100/; classtype:trojan-activity;sid:84150200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.71.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287099/; classtype:trojan-activity;sid:84150199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.171.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287098/; classtype:trojan-activity;sid:84150198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.225.205.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287097/; classtype:trojan-activity;sid:84150197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.171.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287096/; classtype:trojan-activity;sid:84150196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.77.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287095/; classtype:trojan-activity;sid:84150195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.79.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287094/; classtype:trojan-activity;sid:84150194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.59.102.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287093/; classtype:trojan-activity;sid:84150193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.137.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287092/; classtype:trojan-activity;sid:84150192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.69.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287091/; classtype:trojan-activity;sid:84150191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.209.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287090/; classtype:trojan-activity;sid:84150190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.248.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287089/; classtype:trojan-activity;sid:84150189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287088/; classtype:trojan-activity;sid:84150188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.0.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287087/; classtype:trojan-activity;sid:84150187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287086/; classtype:trojan-activity;sid:84150186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.4.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287085/; classtype:trojan-activity;sid:84150185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.190.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287084/; classtype:trojan-activity;sid:84150184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.42.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287083/; classtype:trojan-activity;sid:84150183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.220.154.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287082/; classtype:trojan-activity;sid:84150182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.71.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287081/; classtype:trojan-activity;sid:84150181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.115.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287080/; classtype:trojan-activity;sid:84150180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.77.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287079/; classtype:trojan-activity;sid:84150179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.255.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287078/; classtype:trojan-activity;sid:84150178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.142.75.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287077/; classtype:trojan-activity;sid:84150177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.192.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287076/; classtype:trojan-activity;sid:84150176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.192.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287073/; classtype:trojan-activity;sid:84150173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.163.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287074/; classtype:trojan-activity;sid:84150174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.122.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287075/; classtype:trojan-activity;sid:84150175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.212.68.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287072/; classtype:trojan-activity;sid:84150172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.173.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287071/; classtype:trojan-activity;sid:84150171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.100.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287070/; classtype:trojan-activity;sid:84150170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.215.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287069/; classtype:trojan-activity;sid:84150169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.59.152.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287068/; classtype:trojan-activity;sid:84150168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.137.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287067/; classtype:trojan-activity;sid:84150167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.121.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287066/; classtype:trojan-activity;sid:84150166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.139.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287065/; classtype:trojan-activity;sid:84150165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.26.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287064/; classtype:trojan-activity;sid:84150164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.175.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287062/; classtype:trojan-activity;sid:84150162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287063/; classtype:trojan-activity;sid:84150163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.120.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287061/; classtype:trojan-activity;sid:84150161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.248.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287059/; classtype:trojan-activity;sid:84150159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.160.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287060/; classtype:trojan-activity;sid:84150160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.89.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287058/; classtype:trojan-activity;sid:84150158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.180.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287057/; classtype:trojan-activity;sid:84150157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.115.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287056/; classtype:trojan-activity;sid:84150156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287055/; classtype:trojan-activity;sid:84150155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.122.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287054/; classtype:trojan-activity;sid:84150154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.13.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287053/; classtype:trojan-activity;sid:84150153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.207.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287052/; classtype:trojan-activity;sid:84150152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.164.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287050/; classtype:trojan-activity;sid:84150150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.26.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287051/; classtype:trojan-activity;sid:84150151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.201.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287049/; classtype:trojan-activity;sid:84150149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.166.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287048/; classtype:trojan-activity;sid:84150148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.77.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287047/; classtype:trojan-activity;sid:84150147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.121.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287046/; classtype:trojan-activity;sid:84150146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.26.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287045/; classtype:trojan-activity;sid:84150145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.241.235.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287044/; classtype:trojan-activity;sid:84150144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.107.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287043/; classtype:trojan-activity;sid:84150143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.109.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287042/; classtype:trojan-activity;sid:84150142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287041/; classtype:trojan-activity;sid:84150141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.8.109.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287039/; classtype:trojan-activity;sid:84150139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.83.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287040/; classtype:trojan-activity;sid:84150140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.126.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287038/; classtype:trojan-activity;sid:84150138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.4.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287037/; classtype:trojan-activity;sid:84150137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.89.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287035/; classtype:trojan-activity;sid:84150135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.248.225.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287036/; classtype:trojan-activity;sid:84150136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.176.101.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287033/; classtype:trojan-activity;sid:84150133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.107.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287034/; classtype:trojan-activity;sid:84150134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.220.154.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287032/; classtype:trojan-activity;sid:84150132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.55.178.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287031/; classtype:trojan-activity;sid:84150131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.164.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287030/; classtype:trojan-activity;sid:84150130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287029/; classtype:trojan-activity;sid:84150129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.207.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287028/; classtype:trojan-activity;sid:84150128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.8.119"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287027/; classtype:trojan-activity;sid:84150127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.211.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287026/; classtype:trojan-activity;sid:84150126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287025/; classtype:trojan-activity;sid:84150125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287024/; classtype:trojan-activity;sid:84150124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.206.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287023/; classtype:trojan-activity;sid:84150123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.124.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287022/; classtype:trojan-activity;sid:84150122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.119.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287021/; classtype:trojan-activity;sid:84150121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.10.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287020/; classtype:trojan-activity;sid:84150120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.90.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287018/; classtype:trojan-activity;sid:84150118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.134.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287019/; classtype:trojan-activity;sid:84150119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.26.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287017/; classtype:trojan-activity;sid:84150117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.22.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287016/; classtype:trojan-activity;sid:84150116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.225.221.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287015/; classtype:trojan-activity;sid:84150115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.166.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287014/; classtype:trojan-activity;sid:84150114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.77.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287013/; classtype:trojan-activity;sid:84150113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.126.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287012/; classtype:trojan-activity;sid:84150112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.241.235.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287011/; classtype:trojan-activity;sid:84150111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.153.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287010/; classtype:trojan-activity;sid:84150110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.238.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287008/; classtype:trojan-activity;sid:84150108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.248.225.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287009/; classtype:trojan-activity;sid:84150109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.90.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287007/; classtype:trojan-activity;sid:84150107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.2.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287006/; classtype:trojan-activity;sid:84150106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.83.140"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287005/; classtype:trojan-activity;sid:84150105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.5.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287003/; classtype:trojan-activity;sid:84150103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.98.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287004/; classtype:trojan-activity;sid:84150104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.55.178.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287002/; classtype:trojan-activity;sid:84150102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.132.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287001/; classtype:trojan-activity;sid:84150101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.89.126.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287000/; classtype:trojan-activity;sid:84150100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.180.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286999/; classtype:trojan-activity;sid:84150099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286998/; classtype:trojan-activity;sid:84150098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.110.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286997/; classtype:trojan-activity;sid:84150097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.145.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286996/; classtype:trojan-activity;sid:84150096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.35.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286995/; classtype:trojan-activity;sid:84150095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.22.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286994/; classtype:trojan-activity;sid:84150094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.29.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286993/; classtype:trojan-activity;sid:84150093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.134.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286991/; classtype:trojan-activity;sid:84150091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.10.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286992/; classtype:trojan-activity;sid:84150092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.68.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286990/; classtype:trojan-activity;sid:84150090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.22.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286989/; classtype:trojan-activity;sid:84150089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286988/; classtype:trojan-activity;sid:84150088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.133.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286987/; classtype:trojan-activity;sid:84150087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.109.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286986/; classtype:trojan-activity;sid:84150086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.109.147.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286985/; classtype:trojan-activity;sid:84150085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.37.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286983/; classtype:trojan-activity;sid:84150083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.124.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286984/; classtype:trojan-activity;sid:84150084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.92.247.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286982/; classtype:trojan-activity;sid:84150082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.244.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286981/; classtype:trojan-activity;sid:84150081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286980)"; flow:established,from_client; content:"GET"; http_method; content:"/filtpennes26.vbs"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"191.96.207.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286980/; classtype:trojan-activity;sid:84150080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.85.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286979/; classtype:trojan-activity;sid:84150079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286973)"; flow:established,from_client; content:"GET"; http_method; content:"/forskergruppen.cmd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"191.96.207.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286973/; classtype:trojan-activity;sid:84150073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286974)"; flow:established,from_client; content:"GET"; http_method; content:"/arkivskab.cmd"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"191.96.207.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286974/; classtype:trojan-activity;sid:84150074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286975)"; flow:established,from_client; content:"GET"; http_method; content:"/milliardte.wsf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"191.96.207.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286975/; classtype:trojan-activity;sid:84150075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286977)"; flow:established,from_client; content:"GET"; http_method; content:"/keglerejsere.wsf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"191.96.207.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286977/; classtype:trojan-activity;sid:84150077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286978)"; flow:established,from_client; content:"GET"; http_method; content:"/stutsen.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"191.96.207.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286978/; classtype:trojan-activity;sid:84150078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286972/; classtype:trojan-activity;sid:84150072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.34.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286971/; classtype:trojan-activity;sid:84150071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.220.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286970/; classtype:trojan-activity;sid:84150070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.20.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286969/; classtype:trojan-activity;sid:84150069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.93.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286968/; classtype:trojan-activity;sid:84150068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.178.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286967/; classtype:trojan-activity;sid:84150067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.156.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286966/; classtype:trojan-activity;sid:84150066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.55.178.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286965/; classtype:trojan-activity;sid:84150065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.12.94.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286963/; classtype:trojan-activity;sid:84150063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.23.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286964/; classtype:trojan-activity;sid:84150064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.77.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286962/; classtype:trojan-activity;sid:84150062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.56.244.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286961/; classtype:trojan-activity;sid:84150061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.68.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286960/; classtype:trojan-activity;sid:84150060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.85.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286959/; classtype:trojan-activity;sid:84150059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.85.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286957/; classtype:trojan-activity;sid:84150057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286958/; classtype:trojan-activity;sid:84150058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.241.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286956/; classtype:trojan-activity;sid:84150056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.86.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286955/; classtype:trojan-activity;sid:84150055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.85.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286954/; classtype:trojan-activity;sid:84150054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.92.247.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286953/; classtype:trojan-activity;sid:84150053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.121.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286952/; classtype:trojan-activity;sid:84150052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.244.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286951/; classtype:trojan-activity;sid:84150051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.37.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286950/; classtype:trojan-activity;sid:84150050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.34.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286949/; classtype:trojan-activity;sid:84150049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.108.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286948/; classtype:trojan-activity;sid:84150048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.183.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286946/; classtype:trojan-activity;sid:84150046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.169.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286947/; classtype:trojan-activity;sid:84150047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286945/; classtype:trojan-activity;sid:84150045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.11.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286943/; classtype:trojan-activity;sid:84150043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286944)"; flow:established,from_client; content:"GET"; http_method; content:"/rj"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"198.23.197.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286944/; classtype:trojan-activity;sid:84150044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286942)"; flow:established,from_client; content:"GET"; http_method; content:"/way"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"198.23.197.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286942/; classtype:trojan-activity;sid:84150042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.12.94.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286941/; classtype:trojan-activity;sid:84150041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.218.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286940/; classtype:trojan-activity;sid:84150040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.106.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286939/; classtype:trojan-activity;sid:84150039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.18.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286938/; classtype:trojan-activity;sid:84150038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.248.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286937/; classtype:trojan-activity;sid:84150037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.153.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286936/; classtype:trojan-activity;sid:84150036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.86.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286935/; classtype:trojan-activity;sid:84150035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.28.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286934/; classtype:trojan-activity;sid:84150034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.168.225.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286932/; classtype:trojan-activity;sid:84150032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.50.59"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286933/; classtype:trojan-activity;sid:84150033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286931/; classtype:trojan-activity;sid:84150031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.153.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286930/; classtype:trojan-activity;sid:84150030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.74.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286929/; classtype:trojan-activity;sid:84150029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.190.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286928/; classtype:trojan-activity;sid:84150028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.11.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286927/; classtype:trojan-activity;sid:84150027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.11.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286926/; classtype:trojan-activity;sid:84150026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286925)"; flow:established,from_client; content:"GET"; http_method; content:"/l.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"freewaylumma.online"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286925/; classtype:trojan-activity;sid:84150025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286913)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"technovm-hk.tioffiop.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286913/; classtype:trojan-activity;sid:84150013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286914)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"technovm-hk.tioffiop.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286914/; classtype:trojan-activity;sid:84150014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286915)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"technovm-hk.tioffiop.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286915/; classtype:trojan-activity;sid:84150015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286916)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"technovm-hk.tioffiop.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286916/; classtype:trojan-activity;sid:84150016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286917)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"technovm-hk.tioffiop.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286917/; classtype:trojan-activity;sid:84150017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286918)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"technovm-hk.tioffiop.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286918/; classtype:trojan-activity;sid:84150018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286919)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"technovm-hk.tioffiop.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286919/; classtype:trojan-activity;sid:84150019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286920)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"technovm-hk.tioffiop.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286920/; classtype:trojan-activity;sid:84150020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286921)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"technovm-hk.tioffiop.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286921/; classtype:trojan-activity;sid:84150021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286922)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"technovm-hk.tioffiop.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286922/; classtype:trojan-activity;sid:84150022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286923)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"technovm-hk.tioffiop.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286923/; classtype:trojan-activity;sid:84150023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286924)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"technovm-hk.tioffiop.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286924/; classtype:trojan-activity;sid:84150024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286912/; classtype:trojan-activity;sid:84150012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286899)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.arm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"omg.rekugg.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286899/; classtype:trojan-activity;sid:84149999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286900)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.x86_64"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"omg.rekugg.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286900/; classtype:trojan-activity;sid:84150000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286901)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.m68k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"omg.rekugg.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286901/; classtype:trojan-activity;sid:84150001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286902)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.sh4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"omg.rekugg.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286902/; classtype:trojan-activity;sid:84150002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286903)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.mips"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"omg.rekugg.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286903/; classtype:trojan-activity;sid:84150003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286904)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.arm7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"omg.rekugg.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286904/; classtype:trojan-activity;sid:84150004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286905)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.mpsl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"omg.rekugg.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286905/; classtype:trojan-activity;sid:84150005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286906)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.x86"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"omg.rekugg.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286906/; classtype:trojan-activity;sid:84150006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.arm5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"omg.rekugg.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286907/; classtype:trojan-activity;sid:84150007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286908)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.arm6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"omg.rekugg.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286908/; classtype:trojan-activity;sid:84150008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.spc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"omg.rekugg.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286909/; classtype:trojan-activity;sid:84150009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.ppc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"omg.rekugg.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286910/; classtype:trojan-activity;sid:84150010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286911)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.x86_64.dbg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"omg.rekugg.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286911/; classtype:trojan-activity;sid:84150011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286898)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.sh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"omg.rekugg.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286898/; classtype:trojan-activity;sid:84149998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.65.95.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286897/; classtype:trojan-activity;sid:84149997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.218.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286896/; classtype:trojan-activity;sid:84149996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.65.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286894/; classtype:trojan-activity;sid:84149994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.62.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286895/; classtype:trojan-activity;sid:84149995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286893)"; flow:established,from_client; content:"GET"; http_method; content:"/forte12premium.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ecem.edu.ar"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286893/; classtype:trojan-activity;sid:84149993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.83.176.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286892/; classtype:trojan-activity;sid:84149992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.31.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286891/; classtype:trojan-activity;sid:84149991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286890/; classtype:trojan-activity;sid:84149990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.28.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286889/; classtype:trojan-activity;sid:84149989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.168.225.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286888/; classtype:trojan-activity;sid:84149988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.143.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286887/; classtype:trojan-activity;sid:84149987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.42.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286886/; classtype:trojan-activity;sid:84149986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.145.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286885/; classtype:trojan-activity;sid:84149985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.190.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286884/; classtype:trojan-activity;sid:84149984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.84.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286883/; classtype:trojan-activity;sid:84149983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.95.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286882/; classtype:trojan-activity;sid:84149982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.139.50.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286881/; classtype:trojan-activity;sid:84149981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.246.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286880/; classtype:trojan-activity;sid:84149980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.119.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286879/; classtype:trojan-activity;sid:84149979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.62.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286878/; classtype:trojan-activity;sid:84149978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.186.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286877/; classtype:trojan-activity;sid:84149977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286876/; classtype:trojan-activity;sid:84149976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.84.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286874/; classtype:trojan-activity;sid:84149974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.105.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286875/; classtype:trojan-activity;sid:84149975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.83.176.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286873/; classtype:trojan-activity;sid:84149973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.205.167.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286871/; classtype:trojan-activity;sid:84149971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.65.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286872/; classtype:trojan-activity;sid:84149972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.16.91.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286870/; classtype:trojan-activity;sid:84149970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.107.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286868/; classtype:trojan-activity;sid:84149968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.42.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286869/; classtype:trojan-activity;sid:84149969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.253.80.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286867/; classtype:trojan-activity;sid:84149967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.201.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286866/; classtype:trojan-activity;sid:84149966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.219.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286865/; classtype:trojan-activity;sid:84149965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.93.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286864/; classtype:trojan-activity;sid:84149964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.143.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286863/; classtype:trojan-activity;sid:84149963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.225.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286862/; classtype:trojan-activity;sid:84149962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.248.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286861/; classtype:trojan-activity;sid:84149961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286860/; classtype:trojan-activity;sid:84149960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.46.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286859/; classtype:trojan-activity;sid:84149959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.134.15.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286858/; classtype:trojan-activity;sid:84149958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.79.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286857/; classtype:trojan-activity;sid:84149957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.102.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286856/; classtype:trojan-activity;sid:84149956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.73.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286855/; classtype:trojan-activity;sid:84149955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.92.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286854/; classtype:trojan-activity;sid:84149954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.8.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286853/; classtype:trojan-activity;sid:84149953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286852)"; flow:established,from_client; content:"GET"; http_method; content:"/files/powdergpl.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286852/; classtype:trojan-activity;sid:84149952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286846)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.213.187.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286846/; classtype:trojan-activity;sid:84149946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.242.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286847/; classtype:trojan-activity;sid:84149947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286848)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.213.187.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286848/; classtype:trojan-activity;sid:84149948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286849)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm.b"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.213.187.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286849/; classtype:trojan-activity;sid:84149949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286850)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.213.187.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286850/; classtype:trojan-activity;sid:84149950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286851)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.213.187.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286851/; classtype:trojan-activity;sid:84149951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286839)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.213.187.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286839/; classtype:trojan-activity;sid:84149939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286840)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.213.187.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286840/; classtype:trojan-activity;sid:84149940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286841)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.213.187.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286841/; classtype:trojan-activity;sid:84149941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286842)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl.b"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.213.187.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286842/; classtype:trojan-activity;sid:84149942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286843)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zgp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.213.187.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286843/; classtype:trojan-activity;sid:84149943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286844)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.213.187.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286844/; classtype:trojan-activity;sid:84149944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286845)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.213.187.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286845/; classtype:trojan-activity;sid:84149945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.119.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286838/; classtype:trojan-activity;sid:84149938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.213.187.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286837/; classtype:trojan-activity;sid:84149937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.207.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286836/; classtype:trojan-activity;sid:84149936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.84.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286835/; classtype:trojan-activity;sid:84149935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.215.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286834/; classtype:trojan-activity;sid:84149934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286833/; classtype:trojan-activity;sid:84149933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.42.248"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286832/; classtype:trojan-activity;sid:84149932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.248.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286830/; classtype:trojan-activity;sid:84149930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.93.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286831/; classtype:trojan-activity;sid:84149931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.112.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286829/; classtype:trojan-activity;sid:84149929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.227.56.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286826/; classtype:trojan-activity;sid:84149926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.39.131.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286827/; classtype:trojan-activity;sid:84149927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.73.64.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286828/; classtype:trojan-activity;sid:84149928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.44.88.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286824/; classtype:trojan-activity;sid:84149924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.17.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286825/; classtype:trojan-activity;sid:84149925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.242.144.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286823/; classtype:trojan-activity;sid:84149923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286821/; classtype:trojan-activity;sid:84149921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.73.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286822/; classtype:trojan-activity;sid:84149922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.56.250.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286820/; classtype:trojan-activity;sid:84149920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.235.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286819/; classtype:trojan-activity;sid:84149919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.193.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286818/; classtype:trojan-activity;sid:84149918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.174.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286817/; classtype:trojan-activity;sid:84149917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.226.3.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286816/; classtype:trojan-activity;sid:84149916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.192.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286815/; classtype:trojan-activity;sid:84149915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.251.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286814/; classtype:trojan-activity;sid:84149914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.131.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286813/; classtype:trojan-activity;sid:84149913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.164.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286812/; classtype:trojan-activity;sid:84149912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.51.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286811/; classtype:trojan-activity;sid:84149911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.69.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286809/; classtype:trojan-activity;sid:84149909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.2.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286810/; classtype:trojan-activity;sid:84149910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.154.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286808/; classtype:trojan-activity;sid:84149908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.166.11.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286807/; classtype:trojan-activity;sid:84149907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.8.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286806/; classtype:trojan-activity;sid:84149906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.27.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286805/; classtype:trojan-activity;sid:84149905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.108.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286804/; classtype:trojan-activity;sid:84149904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.247.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286803/; classtype:trojan-activity;sid:84149903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.55.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286802/; classtype:trojan-activity;sid:84149902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.165.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286801/; classtype:trojan-activity;sid:84149901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.107.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286800/; classtype:trojan-activity;sid:84149900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.64.233.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286799/; classtype:trojan-activity;sid:84149899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.42.248"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286798/; classtype:trojan-activity;sid:84149898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.11.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286797/; classtype:trojan-activity;sid:84149897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.162.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286796/; classtype:trojan-activity;sid:84149896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.130.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286794/; classtype:trojan-activity;sid:84149894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.239.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286795/; classtype:trojan-activity;sid:84149895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.179.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286793/; classtype:trojan-activity;sid:84149893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.18.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286792/; classtype:trojan-activity;sid:84149892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.45.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286791/; classtype:trojan-activity;sid:84149891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.185.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286790/; classtype:trojan-activity;sid:84149890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.86.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286789/; classtype:trojan-activity;sid:84149889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.131.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286788/; classtype:trojan-activity;sid:84149888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286787)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.13.24.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286787/; classtype:trojan-activity;sid:84149887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286786)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.15.61"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286786/; classtype:trojan-activity;sid:84149886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.143.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286785/; classtype:trojan-activity;sid:84149885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.78.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286784/; classtype:trojan-activity;sid:84149884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286783/; classtype:trojan-activity;sid:84149883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.19.57.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286782/; classtype:trojan-activity;sid:84149882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.216.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286781/; classtype:trojan-activity;sid:84149881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.154.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286780/; classtype:trojan-activity;sid:84149880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.27.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286779/; classtype:trojan-activity;sid:84149879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.246.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286778/; classtype:trojan-activity;sid:84149878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.78.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286777/; classtype:trojan-activity;sid:84149877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.193.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286776/; classtype:trojan-activity;sid:84149876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.248.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286775/; classtype:trojan-activity;sid:84149875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.21.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286774/; classtype:trojan-activity;sid:84149874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.185.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286773/; classtype:trojan-activity;sid:84149873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.18.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286772/; classtype:trojan-activity;sid:84149872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.78.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286771/; classtype:trojan-activity;sid:84149871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.86.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286769/; classtype:trojan-activity;sid:84149869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.53.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286770/; classtype:trojan-activity;sid:84149870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.184.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286768/; classtype:trojan-activity;sid:84149868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.207.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286767/; classtype:trojan-activity;sid:84149867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.38.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286766/; classtype:trojan-activity;sid:84149866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.55.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286764/; classtype:trojan-activity;sid:84149864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286765/; classtype:trojan-activity;sid:84149865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.43.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286763/; classtype:trojan-activity;sid:84149863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.21.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286762/; classtype:trojan-activity;sid:84149862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.84.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286761/; classtype:trojan-activity;sid:84149861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.75.173.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286760/; classtype:trojan-activity;sid:84149860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.11.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286759/; classtype:trojan-activity;sid:84149859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.246.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286758/; classtype:trojan-activity;sid:84149858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.80.82.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286757/; classtype:trojan-activity;sid:84149857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.207.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286756/; classtype:trojan-activity;sid:84149856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.253.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286755/; classtype:trojan-activity;sid:84149855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.248.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286754/; classtype:trojan-activity;sid:84149854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.190.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286753/; classtype:trojan-activity;sid:84149853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.78.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286752/; classtype:trojan-activity;sid:84149852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286751/; classtype:trojan-activity;sid:84149851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.21.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286750/; classtype:trojan-activity;sid:84149850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.121.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286749/; classtype:trojan-activity;sid:84149849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286748/; classtype:trojan-activity;sid:84149848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.4.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286747/; classtype:trojan-activity;sid:84149847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.142.75.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286746/; classtype:trojan-activity;sid:84149846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.73.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286745/; classtype:trojan-activity;sid:84149845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.196.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286744/; classtype:trojan-activity;sid:84149844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.53.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286743/; classtype:trojan-activity;sid:84149843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.184.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286742/; classtype:trojan-activity;sid:84149842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286741/; classtype:trojan-activity;sid:84149841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.237.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286740/; classtype:trojan-activity;sid:84149840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.245.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286739/; classtype:trojan-activity;sid:84149839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.240.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286738/; classtype:trojan-activity;sid:84149838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.129.18.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286737/; classtype:trojan-activity;sid:84149837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.173.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286736/; classtype:trojan-activity;sid:84149836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.160.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286734/; classtype:trojan-activity;sid:84149834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286735/; classtype:trojan-activity;sid:84149835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.200.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286732/; classtype:trojan-activity;sid:84149832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.230.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286733/; classtype:trojan-activity;sid:84149833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.121.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286731/; classtype:trojan-activity;sid:84149831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.198.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286730/; classtype:trojan-activity;sid:84149830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.22.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286729/; classtype:trojan-activity;sid:84149829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286728/; classtype:trojan-activity;sid:84149828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.73.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286727/; classtype:trojan-activity;sid:84149827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286726/; classtype:trojan-activity;sid:84149826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.208.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286725/; classtype:trojan-activity;sid:84149825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.166.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286724/; classtype:trojan-activity;sid:84149824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286723/; classtype:trojan-activity;sid:84149823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.156.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286722/; classtype:trojan-activity;sid:84149822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.230.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286721/; classtype:trojan-activity;sid:84149821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.200.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286720/; classtype:trojan-activity;sid:84149820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.252.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286718/; classtype:trojan-activity;sid:84149818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286719/; classtype:trojan-activity;sid:84149819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.139.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286717/; classtype:trojan-activity;sid:84149817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.144.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286716/; classtype:trojan-activity;sid:84149816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.87.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286715/; classtype:trojan-activity;sid:84149815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.21.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286714/; classtype:trojan-activity;sid:84149814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.4.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286712/; classtype:trojan-activity;sid:84149812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.164.239.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286713/; classtype:trojan-activity;sid:84149813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286711/; classtype:trojan-activity;sid:84149811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.237.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286710/; classtype:trojan-activity;sid:84149810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.99.47.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286709/; classtype:trojan-activity;sid:84149809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.4.224.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286707/; classtype:trojan-activity;sid:84149807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.179.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286708/; classtype:trojan-activity;sid:84149808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.158.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286706/; classtype:trojan-activity;sid:84149806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.156.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286705/; classtype:trojan-activity;sid:84149805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.68.226"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286704/; classtype:trojan-activity;sid:84149804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.252.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286703/; classtype:trojan-activity;sid:84149803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286702/; classtype:trojan-activity;sid:84149802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.109.147.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286701/; classtype:trojan-activity;sid:84149801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.26.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286700/; classtype:trojan-activity;sid:84149800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.179.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286699/; classtype:trojan-activity;sid:84149799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286698)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.203.68.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286698/; classtype:trojan-activity;sid:84149798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.4.224.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286697/; classtype:trojan-activity;sid:84149797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.19.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286696/; classtype:trojan-activity;sid:84149796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286695)"; flow:established,from_client; content:"GET"; http_method; content:"/amidaware/rmmagent/releases/download/v2.8.0/tacticalagent-v2.8.0-windows-amd64.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286695/; classtype:trojan-activity;sid:84149795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.99.47.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286693/; classtype:trojan-activity;sid:84149793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286694/; classtype:trojan-activity;sid:84149794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.116.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286692/; classtype:trojan-activity;sid:84149792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.185.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286691/; classtype:trojan-activity;sid:84149791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286690)"; flow:established,from_client; content:"GET"; http_method; content:"/244_rgzwnbqrkpn"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mbsngradnja.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286690/; classtype:trojan-activity;sid:84149790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286689)"; flow:established,from_client; content:"GET"; http_method; content:"/244_rgzwnbqrkpn"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mbsngradnja.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286689/; classtype:trojan-activity;sid:84149789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286685)"; flow:established,from_client; content:"GET"; http_method; content:"/244_rgzwnbqrkpn"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"92.114.2.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286685/; classtype:trojan-activity;sid:84149785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286686)"; flow:established,from_client; content:"GET"; http_method; content:"/244_rgzwnbqrkpn"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"92.114.2.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286686/; classtype:trojan-activity;sid:84149786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286687)"; flow:established,from_client; content:"GET"; http_method; content:"/244_rgzwnbqrkpn"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"voievodulgelu.ro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286687/; classtype:trojan-activity;sid:84149787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286688)"; flow:established,from_client; content:"GET"; http_method; content:"/244_rgzwnbqrkpn"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"voievodulgelu.ro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286688/; classtype:trojan-activity;sid:84149788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.72.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286684/; classtype:trojan-activity;sid:84149784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.26.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286683/; classtype:trojan-activity;sid:84149783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286682/; classtype:trojan-activity;sid:84149782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.10.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286681/; classtype:trojan-activity;sid:84149781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.142.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286680/; classtype:trojan-activity;sid:84149780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.169.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286678/; classtype:trojan-activity;sid:84149778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.64.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286679/; classtype:trojan-activity;sid:84149779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.91.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286677/; classtype:trojan-activity;sid:84149777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.129.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286676/; classtype:trojan-activity;sid:84149776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.172.48.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286675/; classtype:trojan-activity;sid:84149775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.169.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286674/; classtype:trojan-activity;sid:84149774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.10.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286673/; classtype:trojan-activity;sid:84149773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.142.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286672/; classtype:trojan-activity;sid:84149772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.64.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286671/; classtype:trojan-activity;sid:84149771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.9.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286670/; classtype:trojan-activity;sid:84149770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.251.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286669/; classtype:trojan-activity;sid:84149769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.131.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286668/; classtype:trojan-activity;sid:84149768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.241.49.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286667/; classtype:trojan-activity;sid:84149767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286666/; classtype:trojan-activity;sid:84149766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286665/; classtype:trojan-activity;sid:84149765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.99.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286664/; classtype:trojan-activity;sid:84149764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.129.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286663/; classtype:trojan-activity;sid:84149763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.212.111.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286662/; classtype:trojan-activity;sid:84149762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.74.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286661/; classtype:trojan-activity;sid:84149761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286660/; classtype:trojan-activity;sid:84149760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.137.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286659/; classtype:trojan-activity;sid:84149759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.113.132.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286658/; classtype:trojan-activity;sid:84149758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286657)"; flow:established,from_client; content:"GET"; http_method; content:"/35/efrgvfre.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"198.46.178.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286657/; classtype:trojan-activity;sid:84149757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286655)"; flow:established,from_client; content:"GET"; http_method; content:"/35/wg/seethebestthingswithgoodthingswithgreatthignsfor.hta"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"198.46.178.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286655/; classtype:trojan-activity;sid:84149755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286656)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/sw/sw/seethebestthingswithentireworldgettinggoodthings.hta"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"107.172.148.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286656/; classtype:trojan-activity;sid:84149756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286654)"; flow:established,from_client; content:"GET"; http_method; content:"/35/seethebestgirlseverdidbestthignswithmyself.tif"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"198.46.178.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286654/; classtype:trojan-activity;sid:84149754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286653)"; flow:established,from_client; content:"GET"; http_method; content:"/35/seethebestgirlseverdidbestthignswithmyself.tif"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"198.46.178.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286653/; classtype:trojan-activity;sid:84149753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286651)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=13avvmelmqto_mu6w9cwsshjk2bhdv7u4"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286651/; classtype:trojan-activity;sid:84149751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286652)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/kjm3p6dn0pqdlzy5e4e44/demanda-laboral_proceso-judicial-rdo-2003250-00214.gz|3f|rlkey=7mui9cgd8ktq5re4a9amgmjzc|7c|26|7c|st=0cy6e2s5|7c|26|7c|dl=1"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286652/; classtype:trojan-activity;sid:84149752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286647)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/bnc/see/seethebestthingswithentiretimeimadeforyousee.hta"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"192.3.193.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286647/; classtype:trojan-activity;sid:84149747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286648)"; flow:established,from_client; content:"GET"; http_method; content:"/155/rfgfvfr.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.3.193.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286648/; classtype:trojan-activity;sid:84149748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.111.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286649/; classtype:trojan-activity;sid:84149749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286650)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1lbbx9xt4xxtbcwu6jtuhq3pq1-mtgz5h|7c|26|7c|export=download|7c|26|7c|authuser=0"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286650/; classtype:trojan-activity;sid:84149750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286646)"; flow:established,from_client; content:"GET"; http_method; content:"/155/vc/seethebestthingsneedtodowithgreatthingshappenedonheretosee.hta"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"192.3.193.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286646/; classtype:trojan-activity;sid:84149746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286645)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ziwz1i5mdrlw0beytiupuo2aoigqpgg3"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286645/; classtype:trojan-activity;sid:84149745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286643)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/5wypci2ocjuvk4u83bojh/fichero-20200324-demanda-laboral_proceso-judicial.gz|3f|rlkey=0qhtd1mshaadwjtklhhibyg3j|7c|26|7c|st=tq63jyix|7c|26|7c|dl=1"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"dropbox.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286643/; classtype:trojan-activity;sid:84149743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286644)"; flow:established,from_client; content:"GET"; http_method; content:"/155/brandthingswithgreatamazingthingshappened.tif"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"192.3.193.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286644/; classtype:trojan-activity;sid:84149744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.244.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286642/; classtype:trojan-activity;sid:84149742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.92.103.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286641/; classtype:trojan-activity;sid:84149741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.99.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286640/; classtype:trojan-activity;sid:84149740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286639/; classtype:trojan-activity;sid:84149739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.74.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286638/; classtype:trojan-activity;sid:84149738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.82.99"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286637/; classtype:trojan-activity;sid:84149737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.181.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286636/; classtype:trojan-activity;sid:84149736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.221.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286635/; classtype:trojan-activity;sid:84149735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.163.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286634/; classtype:trojan-activity;sid:84149734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.78.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286633/; classtype:trojan-activity;sid:84149733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.73.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286632/; classtype:trojan-activity;sid:84149732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.134.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286630/; classtype:trojan-activity;sid:84149730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.51.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286631/; classtype:trojan-activity;sid:84149731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286629/; classtype:trojan-activity;sid:84149729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.49.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286628/; classtype:trojan-activity;sid:84149728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.67.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286627/; classtype:trojan-activity;sid:84149727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.134.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286626/; classtype:trojan-activity;sid:84149726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286625)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=116gevsxa7cm0vfw2ztpbmql8uyanda_o"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286625/; classtype:trojan-activity;sid:84149725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.82.99"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286624/; classtype:trojan-activity;sid:84149724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.37.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286621/; classtype:trojan-activity;sid:84149721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.237.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286622/; classtype:trojan-activity;sid:84149722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.215.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286623/; classtype:trojan-activity;sid:84149723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.82.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286620/; classtype:trojan-activity;sid:84149720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.227.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286619/; classtype:trojan-activity;sid:84149719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.29.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286618/; classtype:trojan-activity;sid:84149718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.67.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286617/; classtype:trojan-activity;sid:84149717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.255.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286616/; classtype:trojan-activity;sid:84149716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.60.238.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286615/; classtype:trojan-activity;sid:84149715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286614/; classtype:trojan-activity;sid:84149714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.16.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286613/; classtype:trojan-activity;sid:84149713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.67.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286612/; classtype:trojan-activity;sid:84149712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.218.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286611/; classtype:trojan-activity;sid:84149711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.226.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286609/; classtype:trojan-activity;sid:84149709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.11.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286610/; classtype:trojan-activity;sid:84149710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.237.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286608/; classtype:trojan-activity;sid:84149708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.8.129.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286607/; classtype:trojan-activity;sid:84149707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.184.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286605/; classtype:trojan-activity;sid:84149705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.97.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286606/; classtype:trojan-activity;sid:84149706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.80.82.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286604/; classtype:trojan-activity;sid:84149704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286603/; classtype:trojan-activity;sid:84149703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.79.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286602/; classtype:trojan-activity;sid:84149702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.82.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286601/; classtype:trojan-activity;sid:84149701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.113.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286600/; classtype:trojan-activity;sid:84149700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.53.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286599/; classtype:trojan-activity;sid:84149699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.238.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286598/; classtype:trojan-activity;sid:84149698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.26.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286597/; classtype:trojan-activity;sid:84149697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.11.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286596/; classtype:trojan-activity;sid:84149696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.131.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286595/; classtype:trojan-activity;sid:84149695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286594/; classtype:trojan-activity;sid:84149694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286593/; classtype:trojan-activity;sid:84149693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.173.10.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286592/; classtype:trojan-activity;sid:84149692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.200.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286591/; classtype:trojan-activity;sid:84149691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286589)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.78.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286589/; classtype:trojan-activity;sid:84149689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.179.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286590/; classtype:trojan-activity;sid:84149690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.8.129.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286588/; classtype:trojan-activity;sid:84149688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286586)"; flow:established,from_client; content:"GET"; http_method; content:"/mips/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.202.35.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286586/; classtype:trojan-activity;sid:84149686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286587)"; flow:established,from_client; content:"GET"; http_method; content:"/file/fl-studio-cracked.com"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"80.76.51.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286587/; classtype:trojan-activity;sid:84149687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286583)"; flow:established,from_client; content:"GET"; http_method; content:"/sistemas/archivos/unico-venta3401005.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"www.flechabusretiro.com.ar"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286583/; classtype:trojan-activity;sid:84149683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286581)"; flow:established,from_client; content:"GET"; http_method; content:"/recup/bum=187826617|7c|26|7c|ampfilename=hoshi_no_kirby_-_yume_no_izumi_deluxe_japan.exe"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"superquest.info"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286581/; classtype:trojan-activity;sid:84149681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286582)"; flow:established,from_client; content:"GET"; http_method; content:"/30622/shttpsr_mg.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"ns.smallsrv.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286582/; classtype:trojan-activity;sid:84149682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.184.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286580/; classtype:trojan-activity;sid:84149680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.53.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286579/; classtype:trojan-activity;sid:84149679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.26.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286577/; classtype:trojan-activity;sid:84149677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.192.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286578/; classtype:trojan-activity;sid:84149678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.208.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286576/; classtype:trojan-activity;sid:84149676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286575/; classtype:trojan-activity;sid:84149675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.249.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286574/; classtype:trojan-activity;sid:84149674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.31.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286573/; classtype:trojan-activity;sid:84149673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286572/; classtype:trojan-activity;sid:84149672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.67.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286570/; classtype:trojan-activity;sid:84149670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.217.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286571/; classtype:trojan-activity;sid:84149671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.185.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286569/; classtype:trojan-activity;sid:84149669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.43.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286568/; classtype:trojan-activity;sid:84149668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.26.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286567/; classtype:trojan-activity;sid:84149667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.27.199.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286566/; classtype:trojan-activity;sid:84149666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.32.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286565/; classtype:trojan-activity;sid:84149665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.226.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286563/; classtype:trojan-activity;sid:84149663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.18.208.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286562/; classtype:trojan-activity;sid:84149662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.163.68.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286560/; classtype:trojan-activity;sid:84149660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.29.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286561/; classtype:trojan-activity;sid:84149661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286559/; classtype:trojan-activity;sid:84149659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.163.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286558/; classtype:trojan-activity;sid:84149658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.199.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286557/; classtype:trojan-activity;sid:84149657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286556/; classtype:trojan-activity;sid:84149656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.211.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286554/; classtype:trojan-activity;sid:84149654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.194.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286555/; classtype:trojan-activity;sid:84149655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.129.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286552/; classtype:trojan-activity;sid:84149652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.153.209.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286553/; classtype:trojan-activity;sid:84149653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286551)"; flow:established,from_client; content:"GET"; http_method; content:"/[cpu]"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286551/; classtype:trojan-activity;sid:84149651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.241.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286550/; classtype:trojan-activity;sid:84149650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.192.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286549/; classtype:trojan-activity;sid:84149649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.52.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286547/; classtype:trojan-activity;sid:84149647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.67.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286548/; classtype:trojan-activity;sid:84149648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.18.208.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286546/; classtype:trojan-activity;sid:84149646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.62.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286545/; classtype:trojan-activity;sid:84149645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286531)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286531/; classtype:trojan-activity;sid:84149631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286532)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286532/; classtype:trojan-activity;sid:84149632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286533)"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286533/; classtype:trojan-activity;sid:84149633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286534)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286534/; classtype:trojan-activity;sid:84149634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286535)"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286535/; classtype:trojan-activity;sid:84149635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286537)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286537/; classtype:trojan-activity;sid:84149637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286538)"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286538/; classtype:trojan-activity;sid:84149638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286539)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286539/; classtype:trojan-activity;sid:84149639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286540)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286540/; classtype:trojan-activity;sid:84149640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286541)"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286541/; classtype:trojan-activity;sid:84149641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.179.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286542/; classtype:trojan-activity;sid:84149642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286543)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286543/; classtype:trojan-activity;sid:84149643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286544)"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286544/; classtype:trojan-activity;sid:84149644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.61.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286529/; classtype:trojan-activity;sid:84149629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.179.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286528/; classtype:trojan-activity;sid:84149628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.94.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286527/; classtype:trojan-activity;sid:84149627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286526/; classtype:trojan-activity;sid:84149626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.135.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286525/; classtype:trojan-activity;sid:84149625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.170.37.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286524/; classtype:trojan-activity;sid:84149624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.180.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286523/; classtype:trojan-activity;sid:84149623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286522)"; flow:established,from_client; content:"GET"; http_method; content:"/img/pidgeon.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.125.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286522/; classtype:trojan-activity;sid:84149622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.163.68.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286521/; classtype:trojan-activity;sid:84149621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.163.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286520/; classtype:trojan-activity;sid:84149620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.168.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286519/; classtype:trojan-activity;sid:84149619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286518)"; flow:established,from_client; content:"GET"; http_method; content:"/kzxiaopeng2/kuaizip_setup_-808202126_xiaopeng2_001.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"d.kpzip.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286518/; classtype:trojan-activity;sid:84149618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286517)"; flow:established,from_client; content:"GET"; http_method; content:"/kuaileup/dianzhangzhushouanzhuanbao.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"klfs.synology.me"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286517/; classtype:trojan-activity;sid:84149617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286516)"; flow:established,from_client; content:"GET"; http_method; content:"/installer.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.176.168.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286516/; classtype:trojan-activity;sid:84149616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286515)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/autoupdate.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"kiemthehuyenlong.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286515/; classtype:trojan-activity;sid:84149615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286514)"; flow:established,from_client; content:"GET"; http_method; content:"/download/xiaohu.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"110.40.51.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286514/; classtype:trojan-activity;sid:84149614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286513)"; flow:established,from_client; content:"GET"; http_method; content:"/haozip.convertimg.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"download.haozip.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286513/; classtype:trojan-activity;sid:84149613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286512)"; flow:established,from_client; content:"GET"; http_method; content:"/s_11222.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"62.109.5.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286512/; classtype:trojan-activity;sid:84149612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286510)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/autoupdate.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"103.167.89.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286510/; classtype:trojan-activity;sid:84149610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286511)"; flow:established,from_client; content:"GET"; http_method; content:"/content/goodlabel%e6%89%93%e5%8d%b0%e6%9c%8d%e5%8a%a1%e5%ae%89%e8%a3%85%e7%a8%8b%e5%ba%8f.exe"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"goodlabel.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286511/; classtype:trojan-activity;sid:84149611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286509)"; flow:established,from_client; content:"GET"; http_method; content:"/noloadn_old_new.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kortatay.myz.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286509/; classtype:trojan-activity;sid:84149609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286508)"; flow:established,from_client; content:"GET"; http_method; content:"/procx64.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kortatay.myz.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286508/; classtype:trojan-activity;sid:84149608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286507)"; flow:established,from_client; content:"GET"; http_method; content:"/asufer.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"kortatay.myz.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286507/; classtype:trojan-activity;sid:84149607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286505)"; flow:established,from_client; content:"GET"; http_method; content:"/securityhealthservice.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.230.121.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286505/; classtype:trojan-activity;sid:84149605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286506)"; flow:established,from_client; content:"GET"; http_method; content:"/clr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kortatay.myz.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286506/; classtype:trojan-activity;sid:84149606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286502)"; flow:established,from_client; content:"GET"; http_method; content:"/java.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.176.168.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286502/; classtype:trojan-activity;sid:84149602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286503)"; flow:established,from_client; content:"GET"; http_method; content:"/nanodump_ppl64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.200.psinetpa.net.prodejdilu.cz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286503/; classtype:trojan-activity;sid:84149603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286504)"; flow:established,from_client; content:"GET"; http_method; content:"/meow.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.200.psinetpa.net.prodejdilu.cz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286504/; classtype:trojan-activity;sid:84149604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.236.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286501/; classtype:trojan-activity;sid:84149601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.62.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286500/; classtype:trojan-activity;sid:84149600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.34.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286499/; classtype:trojan-activity;sid:84149599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.100.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286498/; classtype:trojan-activity;sid:84149598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.75.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286497/; classtype:trojan-activity;sid:84149597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.134.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286496/; classtype:trojan-activity;sid:84149596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.64.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286495/; classtype:trojan-activity;sid:84149595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.212.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286494/; classtype:trojan-activity;sid:84149594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.9.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286493/; classtype:trojan-activity;sid:84149593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.144.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286492/; classtype:trojan-activity;sid:84149592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.29.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286490/; classtype:trojan-activity;sid:84149590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.168.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286491/; classtype:trojan-activity;sid:84149591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.53.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286489/; classtype:trojan-activity;sid:84149589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.47.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286488/; classtype:trojan-activity;sid:84149588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.77.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286487/; classtype:trojan-activity;sid:84149587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.129.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286486/; classtype:trojan-activity;sid:84149586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.214.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286485/; classtype:trojan-activity;sid:84149585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.25.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286484/; classtype:trojan-activity;sid:84149584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.193.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286483/; classtype:trojan-activity;sid:84149583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.160.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286482/; classtype:trojan-activity;sid:84149582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.37.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286481/; classtype:trojan-activity;sid:84149581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.47.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286480/; classtype:trojan-activity;sid:84149580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.75.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286479/; classtype:trojan-activity;sid:84149579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.31.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286478/; classtype:trojan-activity;sid:84149578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.158.67.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286475/; classtype:trojan-activity;sid:84149575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.23.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286476/; classtype:trojan-activity;sid:84149576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.166.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286477/; classtype:trojan-activity;sid:84149577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.134.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286474/; classtype:trojan-activity;sid:84149574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.139.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286473/; classtype:trojan-activity;sid:84149573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286468)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fra2utyr6zsdchelinais.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286468/; classtype:trojan-activity;sid:84149568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286469)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fra2utyr6zsdchelinais.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286469/; classtype:trojan-activity;sid:84149569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286470)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fra2utyr6zsdchelinais.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286470/; classtype:trojan-activity;sid:84149570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286471)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fra2utyr6zsdchelinais.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286471/; classtype:trojan-activity;sid:84149571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286472)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"fra2utyr6zsdchelinais.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286472/; classtype:trojan-activity;sid:84149572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.45.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286467/; classtype:trojan-activity;sid:84149567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286466)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"fra2utyr6zsdchelinais.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286466/; classtype:trojan-activity;sid:84149566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286460)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fra2utyr6zsdchelinais.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286460/; classtype:trojan-activity;sid:84149560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286461)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fra2utyr6zsdchelinais.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286461/; classtype:trojan-activity;sid:84149561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286462)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"fra2utyr6zsdchelinais.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286462/; classtype:trojan-activity;sid:84149562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286463)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fra2utyr6zsdchelinais.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286463/; classtype:trojan-activity;sid:84149563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286464)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fra2utyr6zsdchelinais.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286464/; classtype:trojan-activity;sid:84149564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286465)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"fra2utyr6zsdchelinais.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286465/; classtype:trojan-activity;sid:84149565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.47.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286459/; classtype:trojan-activity;sid:84149559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.237.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286458/; classtype:trojan-activity;sid:84149558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.219.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286457/; classtype:trojan-activity;sid:84149557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.151.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286456/; classtype:trojan-activity;sid:84149556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.42.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286455/; classtype:trojan-activity;sid:84149555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.99.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286454/; classtype:trojan-activity;sid:84149554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.106.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286453/; classtype:trojan-activity;sid:84149553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.31.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286452/; classtype:trojan-activity;sid:84149552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.26.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286451/; classtype:trojan-activity;sid:84149551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.26.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286450/; classtype:trojan-activity;sid:84149550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.122.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286449/; classtype:trojan-activity;sid:84149549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.47.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286448/; classtype:trojan-activity;sid:84149548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.197.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286447/; classtype:trojan-activity;sid:84149547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.69.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286446/; classtype:trojan-activity;sid:84149546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286444)"; flow:established,from_client; content:"GET"; http_method; content:"/harm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"104.37.188.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286444/; classtype:trojan-activity;sid:84149544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286445)"; flow:established,from_client; content:"GET"; http_method; content:"/harm4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"104.37.188.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286445/; classtype:trojan-activity;sid:84149545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.237.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286443/; classtype:trojan-activity;sid:84149543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.99.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286442/; classtype:trojan-activity;sid:84149542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.47.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286441/; classtype:trojan-activity;sid:84149541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.226.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286440/; classtype:trojan-activity;sid:84149540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.81.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286439/; classtype:trojan-activity;sid:84149539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.22.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286438/; classtype:trojan-activity;sid:84149538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.41.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286437/; classtype:trojan-activity;sid:84149537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.106.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286436/; classtype:trojan-activity;sid:84149536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.150.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286435/; classtype:trojan-activity;sid:84149535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.8.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286434/; classtype:trojan-activity;sid:84149534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.200.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286433/; classtype:trojan-activity;sid:84149533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286432)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.154.172.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286432/; classtype:trojan-activity;sid:84149532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286431)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.154.172.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286431/; classtype:trojan-activity;sid:84149531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286430)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.154.172.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286430/; classtype:trojan-activity;sid:84149530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286427)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.154.172.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286427/; classtype:trojan-activity;sid:84149527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286428)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.37.188.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286428/; classtype:trojan-activity;sid:84149528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286429)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.37.188.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286429/; classtype:trojan-activity;sid:84149529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286414)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.154.172.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286414/; classtype:trojan-activity;sid:84149514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286415)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.154.172.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286415/; classtype:trojan-activity;sid:84149515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286416)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.37.188.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286416/; classtype:trojan-activity;sid:84149516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286417)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.37.188.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286417/; classtype:trojan-activity;sid:84149517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286418)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.154.172.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286418/; classtype:trojan-activity;sid:84149518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286419)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.37.188.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286419/; classtype:trojan-activity;sid:84149519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286420)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.154.172.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286420/; classtype:trojan-activity;sid:84149520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286421)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.154.172.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286421/; classtype:trojan-activity;sid:84149521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286422)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.37.188.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286422/; classtype:trojan-activity;sid:84149522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286423)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.154.172.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286423/; classtype:trojan-activity;sid:84149523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286424)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.154.172.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286424/; classtype:trojan-activity;sid:84149524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286425)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.154.172.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286425/; classtype:trojan-activity;sid:84149525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286426)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.37.188.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286426/; classtype:trojan-activity;sid:84149526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286413)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"162.245.221.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286413/; classtype:trojan-activity;sid:84149513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.45.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286411/; classtype:trojan-activity;sid:84149511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.119.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286412/; classtype:trojan-activity;sid:84149512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286410)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tbdxxyba5qkepcrx9buyely07cd5f5raqh"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286410/; classtype:trojan-activity;sid:84149510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dvh5m9ppg8ve0sjuqb30hvwzxieuq7eyqd"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286408/; classtype:trojan-activity;sid:84149508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/iogezp2ofl1slbiklfrtx77fk74xh2jcbn"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286409/; classtype:trojan-activity;sid:84149509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286391)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.245.221.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286391/; classtype:trojan-activity;sid:84149491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286392)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wubs4mir8xqepuk3k86impwaewxxw20mxu"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286392/; classtype:trojan-activity;sid:84149492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286393)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/csuiq4h7okrnjzftle9wq8h90le6nl3qid"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286393/; classtype:trojan-activity;sid:84149493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286394)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.245.221.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286394/; classtype:trojan-activity;sid:84149494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dr9hptekx7ullwvjb8istdnegfwe9bugwn"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286395/; classtype:trojan-activity;sid:84149495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/01hwebx9tcxae3qljakwoq2eczxd84ifym"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286396/; classtype:trojan-activity;sid:84149496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286397)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.245.221.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286397/; classtype:trojan-activity;sid:84149497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286398)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"162.245.221.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286398/; classtype:trojan-activity;sid:84149498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zhz603w932kzpqm2wmbcoipeu4i1fqo17z"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286399/; classtype:trojan-activity;sid:84149499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286400)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"162.245.221.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286400/; classtype:trojan-activity;sid:84149500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/4toufmu4ghvlcrynzh5oebi4bugqrqqnxy"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286401/; classtype:trojan-activity;sid:84149501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286402)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"162.245.221.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286402/; classtype:trojan-activity;sid:84149502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bijmrbcj4hwkohqatwrvswakkn983xdznv"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286403/; classtype:trojan-activity;sid:84149503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/6fost20o0fvjnivbea5dckwtpovnylywed"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286404/; classtype:trojan-activity;sid:84149504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/iay9mesrrk07gcfu6q1hnasqp7nsrpg5vk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286405/; classtype:trojan-activity;sid:84149505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gebtsr5fz5nh7o1p9imhqxhlu5z9ugkrxo"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286406/; classtype:trojan-activity;sid:84149506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/oagv3juxcgqx3acxpbcpflpaqge9nx16yf"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286407/; classtype:trojan-activity;sid:84149507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286387)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.245.221.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286387/; classtype:trojan-activity;sid:84149487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286388)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"162.245.221.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286388/; classtype:trojan-activity;sid:84149488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286389)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.245.221.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286389/; classtype:trojan-activity;sid:84149489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286390)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.245.221.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286390/; classtype:trojan-activity;sid:84149490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.69.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286386/; classtype:trojan-activity;sid:84149486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.79.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286385/; classtype:trojan-activity;sid:84149485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.5.36.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286384/; classtype:trojan-activity;sid:84149484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.150.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286383/; classtype:trojan-activity;sid:84149483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286382)"; flow:established,from_client; content:"GET"; http_method; content:"/bgiegeir.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kykgenot.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286382/; classtype:trojan-activity;sid:84149482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286380)"; flow:established,from_client; content:"GET"; http_method; content:"/bgiegeir.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kykgenot.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286380/; classtype:trojan-activity;sid:84149480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286381)"; flow:established,from_client; content:"GET"; http_method; content:"/bgiegeir.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kykgenot.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286381/; classtype:trojan-activity;sid:84149481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286376)"; flow:established,from_client; content:"GET"; http_method; content:"/bgiegeir.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kykgenot.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286376/; classtype:trojan-activity;sid:84149476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286377)"; flow:established,from_client; content:"GET"; http_method; content:"/bgiegeir.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kykgenot.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286377/; classtype:trojan-activity;sid:84149477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286378)"; flow:established,from_client; content:"GET"; http_method; content:"/bgiegeir.arm4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kykgenot.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286378/; classtype:trojan-activity;sid:84149478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286379)"; flow:established,from_client; content:"GET"; http_method; content:"/bgiegeir.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kykgenot.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286379/; classtype:trojan-activity;sid:84149479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286375/; classtype:trojan-activity;sid:84149475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.124.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286374/; classtype:trojan-activity;sid:84149474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.41.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286373/; classtype:trojan-activity;sid:84149473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.8.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286372/; classtype:trojan-activity;sid:84149472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.70.244.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286371/; classtype:trojan-activity;sid:84149471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.212.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286370/; classtype:trojan-activity;sid:84149470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.252.167.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286369/; classtype:trojan-activity;sid:84149469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"132.255.117.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286368/; classtype:trojan-activity;sid:84149468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.166.251.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286367/; classtype:trojan-activity;sid:84149467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.63.21.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286364/; classtype:trojan-activity;sid:84149464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.115.213.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286365/; classtype:trojan-activity;sid:84149465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.254.13.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286366/; classtype:trojan-activity;sid:84149466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.160.164.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286361/; classtype:trojan-activity;sid:84149461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.0.226.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286362/; classtype:trojan-activity;sid:84149462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.201.40.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286363/; classtype:trojan-activity;sid:84149463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.14.162.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286360/; classtype:trojan-activity;sid:84149460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.163.19.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286359/; classtype:trojan-activity;sid:84149459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.129.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286358/; classtype:trojan-activity;sid:84149458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.54.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286357/; classtype:trojan-activity;sid:84149457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.192.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286356/; classtype:trojan-activity;sid:84149456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.119.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286355/; classtype:trojan-activity;sid:84149455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.232.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286353/; classtype:trojan-activity;sid:84149453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.79.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286354/; classtype:trojan-activity;sid:84149454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.168.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286352/; classtype:trojan-activity;sid:84149452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286351/; classtype:trojan-activity;sid:84149451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.251.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286349/; classtype:trojan-activity;sid:84149449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286350/; classtype:trojan-activity;sid:84149450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.45.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286348/; classtype:trojan-activity;sid:84149448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.247.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286347/; classtype:trojan-activity;sid:84149447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.181.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286346/; classtype:trojan-activity;sid:84149446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.72.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286345/; classtype:trojan-activity;sid:84149445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.62.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286344/; classtype:trojan-activity;sid:84149444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286343)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.107.43.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286343/; classtype:trojan-activity;sid:84149443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286342)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kk30.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286342/; classtype:trojan-activity;sid:84149442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.64.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286341/; classtype:trojan-activity;sid:84149441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.144.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286340/; classtype:trojan-activity;sid:84149440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.89.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286339/; classtype:trojan-activity;sid:84149439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.104.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286337/; classtype:trojan-activity;sid:84149437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286338/; classtype:trojan-activity;sid:84149438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286336/; classtype:trojan-activity;sid:84149436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286335/; classtype:trojan-activity;sid:84149435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.251.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286334/; classtype:trojan-activity;sid:84149434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286333/; classtype:trojan-activity;sid:84149433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.192.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286332/; classtype:trojan-activity;sid:84149432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.249.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286331/; classtype:trojan-activity;sid:84149431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286327)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"byte-main-cnc.n-e.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286327/; classtype:trojan-activity;sid:84149427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286328)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"byte-main-cnc.n-e.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286328/; classtype:trojan-activity;sid:84149428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286329)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"byte-main-cnc.n-e.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286329/; classtype:trojan-activity;sid:84149429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286330)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"byte-main-cnc.n-e.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286330/; classtype:trojan-activity;sid:84149430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286323)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"byte-main-cnc.n-e.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286323/; classtype:trojan-activity;sid:84149423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286324)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"byte-main-cnc.n-e.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286324/; classtype:trojan-activity;sid:84149424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286325)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"byte-main-cnc.n-e.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286325/; classtype:trojan-activity;sid:84149425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286326)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"byte-main-cnc.n-e.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286326/; classtype:trojan-activity;sid:84149426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286320)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"byte-main-cnc.n-e.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286320/; classtype:trojan-activity;sid:84149420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286321)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"byte-main-cnc.n-e.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286321/; classtype:trojan-activity;sid:84149421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286322)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/dlr.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"byte-main-cnc.n-e.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286322/; classtype:trojan-activity;sid:84149422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286319)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"byte-main-cnc.n-e.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286319/; classtype:trojan-activity;sid:84149419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286317)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"byte-main-cnc.n-e.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286317/; classtype:trojan-activity;sid:84149417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286318)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"byte-main-cnc.n-e.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286318/; classtype:trojan-activity;sid:84149418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286316)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"byte-main-cnc.n-e.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286316/; classtype:trojan-activity;sid:84149416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.177.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286315/; classtype:trojan-activity;sid:84149415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.159.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286314/; classtype:trojan-activity;sid:84149414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.17.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286312/; classtype:trojan-activity;sid:84149412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.59.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286313/; classtype:trojan-activity;sid:84149413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286310/; classtype:trojan-activity;sid:84149410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286311/; classtype:trojan-activity;sid:84149411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286309)"; flow:established,from_client; content:"GET"; http_method; content:"/jwwofba5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.216.16.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286309/; classtype:trojan-activity;sid:84149409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286307)"; flow:established,from_client; content:"GET"; http_method; content:"/iwir64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.216.16.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286307/; classtype:trojan-activity;sid:84149407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286308)"; flow:established,from_client; content:"GET"; http_method; content:"/wnbw86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.216.16.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286308/; classtype:trojan-activity;sid:84149408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.90.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286306/; classtype:trojan-activity;sid:84149406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286305/; classtype:trojan-activity;sid:84149405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286304)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vi2.02nier.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286304/; classtype:trojan-activity;sid:84149404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.153.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286303/; classtype:trojan-activity;sid:84149403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286294)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vi2.02nier.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286294/; classtype:trojan-activity;sid:84149394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286295)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"vi2.02nier.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286295/; classtype:trojan-activity;sid:84149395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286296)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vi2.02nier.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286296/; classtype:trojan-activity;sid:84149396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286297)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vi2.02nier.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286297/; classtype:trojan-activity;sid:84149397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286298)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vi2.02nier.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286298/; classtype:trojan-activity;sid:84149398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286299)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vi2.02nier.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286299/; classtype:trojan-activity;sid:84149399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286300)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"vi2.02nier.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286300/; classtype:trojan-activity;sid:84149400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286301)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"vi2.02nier.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286301/; classtype:trojan-activity;sid:84149401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286302)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"vi2.02nier.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286302/; classtype:trojan-activity;sid:84149402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286293)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vi2.02nier.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286293/; classtype:trojan-activity;sid:84149393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286291)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.arm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vi2.02nier.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286291/; classtype:trojan-activity;sid:84149391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286292)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"vi2.02nier.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286292/; classtype:trojan-activity;sid:84149392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286289)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.arm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vi2.02nier.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286289/; classtype:trojan-activity;sid:84149389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286290)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.arm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vi2.02nier.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286290/; classtype:trojan-activity;sid:84149390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.243.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286286/; classtype:trojan-activity;sid:84149386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286287)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.arm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vi2.02nier.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286287/; classtype:trojan-activity;sid:84149387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286288)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vi2.02nier.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286288/; classtype:trojan-activity;sid:84149388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.162.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286284/; classtype:trojan-activity;sid:84149384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.177.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286283/; classtype:trojan-activity;sid:84149383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.159.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286281/; classtype:trojan-activity;sid:84149381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.4.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286282/; classtype:trojan-activity;sid:84149382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.134.15.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286280/; classtype:trojan-activity;sid:84149380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.225.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286279/; classtype:trojan-activity;sid:84149379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.39.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286278/; classtype:trojan-activity;sid:84149378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.46.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286277/; classtype:trojan-activity;sid:84149377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.0.122.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286276/; classtype:trojan-activity;sid:84149376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.90.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286275/; classtype:trojan-activity;sid:84149375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.177.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286274/; classtype:trojan-activity;sid:84149374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.168.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286273/; classtype:trojan-activity;sid:84149373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.129.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286272/; classtype:trojan-activity;sid:84149372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.201.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286271/; classtype:trojan-activity;sid:84149371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.243.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286270/; classtype:trojan-activity;sid:84149370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.4.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286269/; classtype:trojan-activity;sid:84149369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.249.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286268/; classtype:trojan-activity;sid:84149368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286267/; classtype:trojan-activity;sid:84149367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.86.183.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286264/; classtype:trojan-activity;sid:84149364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286265/; classtype:trojan-activity;sid:84149365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.81.159.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286266/; classtype:trojan-activity;sid:84149366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.191.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286263/; classtype:trojan-activity;sid:84149363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.1.167"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286262/; classtype:trojan-activity;sid:84149362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.114.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286261/; classtype:trojan-activity;sid:84149361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.132.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286260/; classtype:trojan-activity;sid:84149360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.113.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286259/; classtype:trojan-activity;sid:84149359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.6.216"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286257/; classtype:trojan-activity;sid:84149357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.116.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286258/; classtype:trojan-activity;sid:84149358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.70.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286256/; classtype:trojan-activity;sid:84149356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.72.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286254/; classtype:trojan-activity;sid:84149354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.1.167"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286255/; classtype:trojan-activity;sid:84149355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.107.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286253/; classtype:trojan-activity;sid:84149353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286246)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.124.46.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286246/; classtype:trojan-activity;sid:84149346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286247)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.124.46.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286247/; classtype:trojan-activity;sid:84149347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286248)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"206.238.114.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286248/; classtype:trojan-activity;sid:84149348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286249)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"206.238.178.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286249/; classtype:trojan-activity;sid:84149349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286250)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.124.46.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286250/; classtype:trojan-activity;sid:84149350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286251)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.124.46.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286251/; classtype:trojan-activity;sid:84149351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286252)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.124.46.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286252/; classtype:trojan-activity;sid:84149352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286240)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.212.150.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286240/; classtype:trojan-activity;sid:84149340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286241)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.194.37.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286241/; classtype:trojan-activity;sid:84149341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286242)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.198.53.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286242/; classtype:trojan-activity;sid:84149342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286243)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.212.150.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286243/; classtype:trojan-activity;sid:84149343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286244)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.212.150.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286244/; classtype:trojan-activity;sid:84149344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286245)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.61.84.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286245/; classtype:trojan-activity;sid:84149345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286239)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"206.238.197.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286239/; classtype:trojan-activity;sid:84149339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.100.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286238/; classtype:trojan-activity;sid:84149338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.246.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286237/; classtype:trojan-activity;sid:84149337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.130.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286236/; classtype:trojan-activity;sid:84149336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.124.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286235/; classtype:trojan-activity;sid:84149335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.245.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286233/; classtype:trojan-activity;sid:84149333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286234/; classtype:trojan-activity;sid:84149334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286231)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.124.46.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286231/; classtype:trojan-activity;sid:84149331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286232)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.124.46.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286232/; classtype:trojan-activity;sid:84149332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286229)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"206.238.197.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286229/; classtype:trojan-activity;sid:84149329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286230)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"206.238.199.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286230/; classtype:trojan-activity;sid:84149330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286228)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.61.84.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286228/; classtype:trojan-activity;sid:84149328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286226)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"206.238.199.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286226/; classtype:trojan-activity;sid:84149326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286227)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"206.238.199.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286227/; classtype:trojan-activity;sid:84149327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.162.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286225/; classtype:trojan-activity;sid:84149325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.6.216"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286224/; classtype:trojan-activity;sid:84149324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.241.49.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286223/; classtype:trojan-activity;sid:84149323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.114.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286222/; classtype:trojan-activity;sid:84149322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.65.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286221/; classtype:trojan-activity;sid:84149321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.14.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286220/; classtype:trojan-activity;sid:84149320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.132.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286219/; classtype:trojan-activity;sid:84149319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.246.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286218/; classtype:trojan-activity;sid:84149318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.219.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286217/; classtype:trojan-activity;sid:84149317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.236.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286216/; classtype:trojan-activity;sid:84149316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.53.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286215/; classtype:trojan-activity;sid:84149315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.100.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286214/; classtype:trojan-activity;sid:84149314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.66.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286213/; classtype:trojan-activity;sid:84149313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286212)"; flow:established,from_client; content:"GET"; http_method; content:"/geek_se.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.236.122.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286212/; classtype:trojan-activity;sid:84149312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286211)"; flow:established,from_client; content:"GET"; http_method; content:"//transformationarthur.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.241.208.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286211/; classtype:trojan-activity;sid:84149311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286204)"; flow:established,from_client; content:"GET"; http_method; content:"/dutch.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286204/; classtype:trojan-activity;sid:84149304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286205)"; flow:established,from_client; content:"GET"; http_method; content:"/1010.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286205/; classtype:trojan-activity;sid:84149305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286206)"; flow:established,from_client; content:"GET"; http_method; content:"/xt.png"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286206/; classtype:trojan-activity;sid:84149306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286207)"; flow:established,from_client; content:"GET"; http_method; content:"/gold.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286207/; classtype:trojan-activity;sid:84149307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286208)"; flow:established,from_client; content:"GET"; http_method; content:"/oldxteam.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286208/; classtype:trojan-activity;sid:84149308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286209)"; flow:established,from_client; content:"GET"; http_method; content:"/sae.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286209/; classtype:trojan-activity;sid:84149309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286210)"; flow:established,from_client; content:"GET"; http_method; content:"//zharkbot.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.241.208.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286210/; classtype:trojan-activity;sid:84149310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.208.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286203/; classtype:trojan-activity;sid:84149303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286202)"; flow:established,from_client; content:"GET"; http_method; content:"/1010.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286202/; classtype:trojan-activity;sid:84149302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286199)"; flow:established,from_client; content:"GET"; http_method; content:"/gen0610wsf.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286199/; classtype:trojan-activity;sid:84149299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286200)"; flow:established,from_client; content:"GET"; http_method; content:"/ca.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286200/; classtype:trojan-activity;sid:84149300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286201)"; flow:established,from_client; content:"GET"; http_method; content:"/ai.png"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286201/; classtype:trojan-activity;sid:84149301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.92.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286198/; classtype:trojan-activity;sid:84149298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286196)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yjh97p7lckqbzymkvgigx_60sdauyyny"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286196/; classtype:trojan-activity;sid:84149296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286197)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1omveqtzefu0cmpxedidtmbkzk0lvqcdx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286197/; classtype:trojan-activity;sid:84149297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.236.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286195/; classtype:trojan-activity;sid:84149295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286194)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=126zvtis_umxhmhhrnkbzisz3tqzgyrv8"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286194/; classtype:trojan-activity;sid:84149294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286193)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hpjsxzvhlbqfoucxyrsqiy0r-c12gq_4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286193/; classtype:trojan-activity;sid:84149293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.227.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286192/; classtype:trojan-activity;sid:84149292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.124.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286191/; classtype:trojan-activity;sid:84149291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.125.241.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286190/; classtype:trojan-activity;sid:84149290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.117.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286188/; classtype:trojan-activity;sid:84149288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.39.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286189/; classtype:trojan-activity;sid:84149289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.132.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286187/; classtype:trojan-activity;sid:84149287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.175.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286186/; classtype:trojan-activity;sid:84149286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286185)"; flow:established,from_client; content:"GET"; http_method; content:"/155/vc/seethebestthingsneedtodowithgreatthingshappenedonheretosee.hta"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"192.3.193.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286185/; classtype:trojan-activity;sid:84149285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286184)"; flow:established,from_client; content:"GET"; http_method; content:"/155/brandthingswithgreatamazingthingshappened.tif"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"192.3.193.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286184/; classtype:trojan-activity;sid:84149284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286183/; classtype:trojan-activity;sid:84149283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286182)"; flow:established,from_client; content:"GET"; http_method; content:"/350/wcb/seethebstpricewithbestthinghappingwithgoodnews.hta"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"23.94.171.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286182/; classtype:trojan-activity;sid:84149282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286181)"; flow:established,from_client; content:"GET"; http_method; content:"/350/seethebestpicturewithgreatthingswithouthandlethethings.tif"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"23.94.171.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286181/; classtype:trojan-activity;sid:84149281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.40.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286180/; classtype:trojan-activity;sid:84149280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.217.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286179/; classtype:trojan-activity;sid:84149279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.79.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286178/; classtype:trojan-activity;sid:84149278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.96.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286177/; classtype:trojan-activity;sid:84149277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.6.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286176/; classtype:trojan-activity;sid:84149276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.242.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286174/; classtype:trojan-activity;sid:84149274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.136.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286175/; classtype:trojan-activity;sid:84149275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.227.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286173/; classtype:trojan-activity;sid:84149273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.220.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286172/; classtype:trojan-activity;sid:84149272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286171/; classtype:trojan-activity;sid:84149271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.246.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286170/; classtype:trojan-activity;sid:84149270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286167)"; flow:established,from_client; content:"GET"; http_method; content:"/svchot%20-%20%e5%89%af%e6%9c%ac.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"154.201.87.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286167/; classtype:trojan-activity;sid:84149267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286168)"; flow:established,from_client; content:"GET"; http_method; content:"/svchot.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.201.87.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286168/; classtype:trojan-activity;sid:84149268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286169)"; flow:established,from_client; content:"GET"; http_method; content:"//polymorphieres1109.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"62.60.236.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286169/; classtype:trojan-activity;sid:84149269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286166)"; flow:established,from_client; content:"GET"; http_method; content:"/svcyr.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.201.87.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286166/; classtype:trojan-activity;sid:84149266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.25.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286165/; classtype:trojan-activity;sid:84149265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.221.223.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286164/; classtype:trojan-activity;sid:84149264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.228.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286163/; classtype:trojan-activity;sid:84149263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.28.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286162/; classtype:trojan-activity;sid:84149262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.177.5.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286161/; classtype:trojan-activity;sid:84149261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.101.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286160/; classtype:trojan-activity;sid:84149260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.125.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286159/; classtype:trojan-activity;sid:84149259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.79.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286158/; classtype:trojan-activity;sid:84149258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.96.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286157/; classtype:trojan-activity;sid:84149257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.85.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286156/; classtype:trojan-activity;sid:84149256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.65.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286155/; classtype:trojan-activity;sid:84149255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.72.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286153/; classtype:trojan-activity;sid:84149253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.32.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286154/; classtype:trojan-activity;sid:84149254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.192.162.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286152/; classtype:trojan-activity;sid:84149252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.208.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286150/; classtype:trojan-activity;sid:84149250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.208.68.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286151/; classtype:trojan-activity;sid:84149251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.96.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286149/; classtype:trojan-activity;sid:84149249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.198.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286148/; classtype:trojan-activity;sid:84149248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.154.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286147/; classtype:trojan-activity;sid:84149247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.6.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286146/; classtype:trojan-activity;sid:84149246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286145)"; flow:established,from_client; content:"GET"; http_method; content:"/download/public/ghost_1.5.11.5.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"114.132.167.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286145/; classtype:trojan-activity;sid:84149245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286144)"; flow:established,from_client; content:"GET"; http_method; content:"/download/public/ghost.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"114.132.167.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286144/; classtype:trojan-activity;sid:84149244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286143)"; flow:established,from_client; content:"GET"; http_method; content:"/download/public/nb.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"114.132.167.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286143/; classtype:trojan-activity;sid:84149243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286142)"; flow:established,from_client; content:"GET"; http_method; content:"/download/public/sewanclt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"114.132.167.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286142/; classtype:trojan-activity;sid:84149242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286140)"; flow:established,from_client; content:"GET"; http_method; content:"/download/public/installpg.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"114.132.167.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286140/; classtype:trojan-activity;sid:84149240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286141)"; flow:established,from_client; content:"GET"; http_method; content:"/download/public/ua.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"114.132.167.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286141/; classtype:trojan-activity;sid:84149241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286139)"; flow:established,from_client; content:"GET"; http_method; content:"/1.dll"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"143.92.62.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286139/; classtype:trojan-activity;sid:84149239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286138)"; flow:established,from_client; content:"GET"; http_method; content:"/runtimebroker.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"143.92.62.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286138/; classtype:trojan-activity;sid:84149238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.100.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286137/; classtype:trojan-activity;sid:84149237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.75.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286136/; classtype:trojan-activity;sid:84149236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.83.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286135/; classtype:trojan-activity;sid:84149235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.28.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286134/; classtype:trojan-activity;sid:84149234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.217.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286133/; classtype:trojan-activity;sid:84149233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.192.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286132/; classtype:trojan-activity;sid:84149232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.245.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286131/; classtype:trojan-activity;sid:84149231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.31.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286129/; classtype:trojan-activity;sid:84149229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.32.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286130/; classtype:trojan-activity;sid:84149230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.72.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286128/; classtype:trojan-activity;sid:84149228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.118.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286127/; classtype:trojan-activity;sid:84149227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.169.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286126/; classtype:trojan-activity;sid:84149226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286125)"; flow:established,from_client; content:"GET"; http_method; content:"/astraloader.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"15.188.60.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286125/; classtype:trojan-activity;sid:84149225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286124)"; flow:established,from_client; content:"GET"; http_method; content:"/espsemhvcioff.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"109.110.184.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286124/; classtype:trojan-activity;sid:84149224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286122)"; flow:established,from_client; content:"GET"; http_method; content:"/esphvcion.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"109.110.184.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286122/; classtype:trojan-activity;sid:84149222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286123)"; flow:established,from_client; content:"GET"; http_method; content:"/aimhvcion.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"109.110.184.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286123/; classtype:trojan-activity;sid:84149223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286121)"; flow:established,from_client; content:"GET"; http_method; content:"/aimsemhvcioff.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"109.110.184.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286121/; classtype:trojan-activity;sid:84149221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286120)"; flow:established,from_client; content:"GET"; http_method; content:"/djksahjkdhkh.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"109.110.184.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286120/; classtype:trojan-activity;sid:84149220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286118)"; flow:established,from_client; content:"GET"; http_method; content:"/dkasjhajksdhdjkas.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"109.110.184.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286118/; classtype:trojan-activity;sid:84149218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286119)"; flow:established,from_client; content:"GET"; http_method; content:"/runtimebrikon.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"109.110.184.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286119/; classtype:trojan-activity;sid:84149219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286117)"; flow:established,from_client; content:"GET"; http_method; content:"/sjkhjkh.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"109.110.184.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286117/; classtype:trojan-activity;sid:84149217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286115)"; flow:established,from_client; content:"GET"; http_method; content:"/jdkashk.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"109.110.184.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286115/; classtype:trojan-activity;sid:84149215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286116)"; flow:established,from_client; content:"GET"; http_method; content:"/s3.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.218.7.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286116/; classtype:trojan-activity;sid:84149216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286114)"; flow:established,from_client; content:"GET"; http_method; content:"/anti.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a1050330.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286114/; classtype:trojan-activity;sid:84149214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286113)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.23.96.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286113/; classtype:trojan-activity;sid:84149213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286112)"; flow:established,from_client; content:"GET"; http_method; content:"/download/bootstrapperv1.19.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.200.220.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286112/; classtype:trojan-activity;sid:84149212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286111)"; flow:established,from_client; content:"GET"; http_method; content:"/download/dlhost.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.200.220.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286111/; classtype:trojan-activity;sid:84149211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.64.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286110/; classtype:trojan-activity;sid:84149210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.197.170.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286109/; classtype:trojan-activity;sid:84149209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.129.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286108/; classtype:trojan-activity;sid:84149208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286107/; classtype:trojan-activity;sid:84149207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.62.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286106/; classtype:trojan-activity;sid:84149206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.212.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286105/; classtype:trojan-activity;sid:84149205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.67.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286104/; classtype:trojan-activity;sid:84149204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.175.206.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286103/; classtype:trojan-activity;sid:84149203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.6.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286102/; classtype:trojan-activity;sid:84149202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.154.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286101/; classtype:trojan-activity;sid:84149201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.16.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286100/; classtype:trojan-activity;sid:84149200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.83.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286099/; classtype:trojan-activity;sid:84149199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.113.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286098/; classtype:trojan-activity;sid:84149198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286097)"; flow:established,from_client; content:"GET"; http_method; content:"/aujbbt.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.241.208.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286097/; classtype:trojan-activity;sid:84149197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286096)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ha7dur10.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286096/; classtype:trojan-activity;sid:84149196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286094)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gaozw40v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286094/; classtype:trojan-activity;sid:84149194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286095)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/41m98slk.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286095/; classtype:trojan-activity;sid:84149195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286093)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/88851n80.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286093/; classtype:trojan-activity;sid:84149193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286091)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/99awhy8l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286091/; classtype:trojan-activity;sid:84149191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286092)"; flow:established,from_client; content:"GET"; http_method; content:"/mjpvghw.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286092/; classtype:trojan-activity;sid:84149192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286090)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2r61ahry.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286090/; classtype:trojan-activity;sid:84149190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286088)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/cred64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286088/; classtype:trojan-activity;sid:84149188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286089)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286089/; classtype:trojan-activity;sid:84149189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286087)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/clip.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286087/; classtype:trojan-activity;sid:84149187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286086)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/clip64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286086/; classtype:trojan-activity;sid:84149186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286085/; classtype:trojan-activity;sid:84149185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.99.173"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286084/; classtype:trojan-activity;sid:84149184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.165.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286083/; classtype:trojan-activity;sid:84149183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286082)"; flow:established,from_client; content:"GET"; http_method; content:"/davwwwroot/255112432526044.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"94.159.113.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286082/; classtype:trojan-activity;sid:84149182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286081)"; flow:established,from_client; content:"GET"; http_method; content:"/venkovisual/loli-mod/refs/heads/main/asyncclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286081/; classtype:trojan-activity;sid:84149181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286080)"; flow:established,from_client; content:"GET"; http_method; content:"/nexus/bypass3/adb.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"updatenexus.org.tc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286080/; classtype:trojan-activity;sid:84149180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286078)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.23.96.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286078/; classtype:trojan-activity;sid:84149178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286079)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.23.96.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286079/; classtype:trojan-activity;sid:84149179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"69.129.18.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286077/; classtype:trojan-activity;sid:84149177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.2.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286076/; classtype:trojan-activity;sid:84149176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286075)"; flow:established,from_client; content:"GET"; http_method; content:"/lnbpkdhz223.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"93.123.109.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286075/; classtype:trojan-activity;sid:84149175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.143.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286074/; classtype:trojan-activity;sid:84149174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.118.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286072/; classtype:trojan-activity;sid:84149172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286073)"; flow:established,from_client; content:"GET"; http_method; content:"/jiddxp45.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.149.234.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286073/; classtype:trojan-activity;sid:84149173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286071)"; flow:established,from_client; content:"GET"; http_method; content:"/jdteoelbktvbmw239.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.92.120.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286071/; classtype:trojan-activity;sid:84149171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.175.206.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286069/; classtype:trojan-activity;sid:84149169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.54.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286070/; classtype:trojan-activity;sid:84149170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.91.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286068/; classtype:trojan-activity;sid:84149168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286066)"; flow:established,from_client; content:"GET"; http_method; content:"/hello.github.io/info.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"authmex.github.io"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286066/; classtype:trojan-activity;sid:84149166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286067)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/main/shellcode.bin"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286067/; classtype:trojan-activity;sid:84149167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286065)"; flow:established,from_client; content:"GET"; http_method; content:"/showqa/xt/refs/heads/main/shellcodeany.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286065/; classtype:trojan-activity;sid:84149165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286064)"; flow:established,from_client; content:"GET"; http_method; content:"/main/shell.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"encrypthub.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286064/; classtype:trojan-activity;sid:84149164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286063)"; flow:established,from_client; content:"GET"; http_method; content:"/photobase64.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.213.134.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286063/; classtype:trojan-activity;sid:84149163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286062)"; flow:established,from_client; content:"GET"; http_method; content:"/woord02/nigga/raw/refs/heads/main/majesticexec.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286062/; classtype:trojan-activity;sid:84149162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286060)"; flow:established,from_client; content:"GET"; http_method; content:"/925.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"121.62.18.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286060/; classtype:trojan-activity;sid:84149160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286061)"; flow:established,from_client; content:"GET"; http_method; content:"/927.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"121.62.18.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286061/; classtype:trojan-activity;sid:84149161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286056)"; flow:established,from_client; content:"GET"; http_method; content:"/lumber.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"54.158.34.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286056/; classtype:trojan-activity;sid:84149156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.151.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286057/; classtype:trojan-activity;sid:84149157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286058)"; flow:established,from_client; content:"GET"; http_method; content:"/showqa/xt/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286058/; classtype:trojan-activity;sid:84149158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.60.180.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286059/; classtype:trojan-activity;sid:84149159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.208.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286055/; classtype:trojan-activity;sid:84149155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.232.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286054/; classtype:trojan-activity;sid:84149154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.191.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286053/; classtype:trojan-activity;sid:84149153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.45.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286052/; classtype:trojan-activity;sid:84149152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.101.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286051/; classtype:trojan-activity;sid:84149151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.44.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286050/; classtype:trojan-activity;sid:84149150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.111.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286049/; classtype:trojan-activity;sid:84149149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.40.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286047/; classtype:trojan-activity;sid:84149147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.44.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286048/; classtype:trojan-activity;sid:84149148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.71.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286046/; classtype:trojan-activity;sid:84149146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286044/; classtype:trojan-activity;sid:84149144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.116.192.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286045/; classtype:trojan-activity;sid:84149145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286043/; classtype:trojan-activity;sid:84149143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.96.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286042/; classtype:trojan-activity;sid:84149142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.174.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286041/; classtype:trojan-activity;sid:84149141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.80.32.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286040/; classtype:trojan-activity;sid:84149140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.127.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286039/; classtype:trojan-activity;sid:84149139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286038/; classtype:trojan-activity;sid:84149138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.97.163.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286037/; classtype:trojan-activity;sid:84149137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.63.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286035/; classtype:trojan-activity;sid:84149135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.134.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286036/; classtype:trojan-activity;sid:84149136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.64.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286033/; classtype:trojan-activity;sid:84149133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.18.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286034/; classtype:trojan-activity;sid:84149134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.68.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286032/; classtype:trojan-activity;sid:84149132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.235.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286030/; classtype:trojan-activity;sid:84149130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.192.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286031/; classtype:trojan-activity;sid:84149131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.130.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286029/; classtype:trojan-activity;sid:84149129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.44.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286028/; classtype:trojan-activity;sid:84149128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.100.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286027/; classtype:trojan-activity;sid:84149127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.196.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286026/; classtype:trojan-activity;sid:84149126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.180.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286025/; classtype:trojan-activity;sid:84149125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.82.197.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286024/; classtype:trojan-activity;sid:84149124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.228.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286023/; classtype:trojan-activity;sid:84149123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.152.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286022/; classtype:trojan-activity;sid:84149122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.2.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286021/; classtype:trojan-activity;sid:84149121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.56.246.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286020/; classtype:trojan-activity;sid:84149120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286019/; classtype:trojan-activity;sid:84149119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.206.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286018/; classtype:trojan-activity;sid:84149118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.71.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286017/; classtype:trojan-activity;sid:84149117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.70.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286016/; classtype:trojan-activity;sid:84149116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.245.2.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286015/; classtype:trojan-activity;sid:84149115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.77.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286013/; classtype:trojan-activity;sid:84149113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.180.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286014/; classtype:trojan-activity;sid:84149114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.228.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286010/; classtype:trojan-activity;sid:84149110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.22.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286011/; classtype:trojan-activity;sid:84149111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.112.76.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286012/; classtype:trojan-activity;sid:84149112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.203.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286009/; classtype:trojan-activity;sid:84149109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.58.23.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286008/; classtype:trojan-activity;sid:84149108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.7.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286007/; classtype:trojan-activity;sid:84149107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.197.174.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286006/; classtype:trojan-activity;sid:84149106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.95.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286005/; classtype:trojan-activity;sid:84149105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.233.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286004/; classtype:trojan-activity;sid:84149104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.112.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286003/; classtype:trojan-activity;sid:84149103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.196.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286002/; classtype:trojan-activity;sid:84149102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.193.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286001/; classtype:trojan-activity;sid:84149101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.229.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286000/; classtype:trojan-activity;sid:84149100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.97.163.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285999/; classtype:trojan-activity;sid:84149099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.68.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285998/; classtype:trojan-activity;sid:84149098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.163.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285997/; classtype:trojan-activity;sid:84149097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285996/; classtype:trojan-activity;sid:84149096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.183.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285994/; classtype:trojan-activity;sid:84149094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.31.201.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285995/; classtype:trojan-activity;sid:84149095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.123.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285993/; classtype:trojan-activity;sid:84149093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.26.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285992/; classtype:trojan-activity;sid:84149092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.220.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285991/; classtype:trojan-activity;sid:84149091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.70.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285990/; classtype:trojan-activity;sid:84149090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.77.40.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285989/; classtype:trojan-activity;sid:84149089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.245.2.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285988/; classtype:trojan-activity;sid:84149088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.152.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285987/; classtype:trojan-activity;sid:84149087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.100.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285986/; classtype:trojan-activity;sid:84149086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285985/; classtype:trojan-activity;sid:84149085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.111.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285984/; classtype:trojan-activity;sid:84149084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.5.36.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285983/; classtype:trojan-activity;sid:84149083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.22.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285982/; classtype:trojan-activity;sid:84149082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.31.201.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285981/; classtype:trojan-activity;sid:84149081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285980/; classtype:trojan-activity;sid:84149080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.30.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285979/; classtype:trojan-activity;sid:84149079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.31.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285978/; classtype:trojan-activity;sid:84149078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.219.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285977/; classtype:trojan-activity;sid:84149077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.13.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285976/; classtype:trojan-activity;sid:84149076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.79.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285975/; classtype:trojan-activity;sid:84149075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.228.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285974/; classtype:trojan-activity;sid:84149074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.109.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285973/; classtype:trojan-activity;sid:84149073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.167.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285972/; classtype:trojan-activity;sid:84149072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.22.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285971/; classtype:trojan-activity;sid:84149071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.149.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285970/; classtype:trojan-activity;sid:84149070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285968)"; flow:established,from_client; content:"GET"; http_method; content:"/4b4e7c1351c9e2eb/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.88.76.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285968/; classtype:trojan-activity;sid:84149068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285969)"; flow:established,from_client; content:"GET"; http_method; content:"/4b4e7c1351c9e2eb/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.88.76.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285969/; classtype:trojan-activity;sid:84149069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285965)"; flow:established,from_client; content:"GET"; http_method; content:"/4b4e7c1351c9e2eb/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.88.76.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285965/; classtype:trojan-activity;sid:84149065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285966)"; flow:established,from_client; content:"GET"; http_method; content:"/4b4e7c1351c9e2eb/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.88.76.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285966/; classtype:trojan-activity;sid:84149066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285967)"; flow:established,from_client; content:"GET"; http_method; content:"/4b4e7c1351c9e2eb/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.88.76.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285967/; classtype:trojan-activity;sid:84149067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.13.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285964/; classtype:trojan-activity;sid:84149064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285962)"; flow:established,from_client; content:"GET"; http_method; content:"/4b4e7c1351c9e2eb/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.88.76.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285962/; classtype:trojan-activity;sid:84149062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285963)"; flow:established,from_client; content:"GET"; http_method; content:"/4b4e7c1351c9e2eb/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.88.76.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285963/; classtype:trojan-activity;sid:84149063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.165.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285961/; classtype:trojan-activity;sid:84149061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.229.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285960/; classtype:trojan-activity;sid:84149060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.115.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285959/; classtype:trojan-activity;sid:84149059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285958/; classtype:trojan-activity;sid:84149058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.21.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285957/; classtype:trojan-activity;sid:84149057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.141.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285956/; classtype:trojan-activity;sid:84149056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.59.251.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285954/; classtype:trojan-activity;sid:84149054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.54.88.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285955/; classtype:trojan-activity;sid:84149055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.55.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285953/; classtype:trojan-activity;sid:84149053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.179.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285952/; classtype:trojan-activity;sid:84149052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.22.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285951/; classtype:trojan-activity;sid:84149051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.169.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285950/; classtype:trojan-activity;sid:84149050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.19.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285949/; classtype:trojan-activity;sid:84149049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285947/; classtype:trojan-activity;sid:84149047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.209.16.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285948/; classtype:trojan-activity;sid:84149048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.66.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285946/; classtype:trojan-activity;sid:84149046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.58.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285945/; classtype:trojan-activity;sid:84149045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.120.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285944/; classtype:trojan-activity;sid:84149044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.235.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285943/; classtype:trojan-activity;sid:84149043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.78.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285942/; classtype:trojan-activity;sid:84149042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.167.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285941/; classtype:trojan-activity;sid:84149041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.8.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285940/; classtype:trojan-activity;sid:84149040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.248.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285939/; classtype:trojan-activity;sid:84149039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.19.249.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285938/; classtype:trojan-activity;sid:84149038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285937/; classtype:trojan-activity;sid:84149037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285936/; classtype:trojan-activity;sid:84149036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.181.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285935/; classtype:trojan-activity;sid:84149035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.154.17.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285934/; classtype:trojan-activity;sid:84149034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.117.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285933/; classtype:trojan-activity;sid:84149033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.175.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285932/; classtype:trojan-activity;sid:84149032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.144.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285931/; classtype:trojan-activity;sid:84149031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285930/; classtype:trojan-activity;sid:84149030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.210.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285929/; classtype:trojan-activity;sid:84149029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.50.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285928/; classtype:trojan-activity;sid:84149028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.179.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285927/; classtype:trojan-activity;sid:84149027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285926)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.19.139.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285926/; classtype:trojan-activity;sid:84149026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.168.88.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285925/; classtype:trojan-activity;sid:84149025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.45.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285924/; classtype:trojan-activity;sid:84149024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.199.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285923/; classtype:trojan-activity;sid:84149023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.255.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285922/; classtype:trojan-activity;sid:84149022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.78.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285921/; classtype:trojan-activity;sid:84149021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.97.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285920/; classtype:trojan-activity;sid:84149020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285919/; classtype:trojan-activity;sid:84149019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.6.51"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285918/; classtype:trojan-activity;sid:84149018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.4.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285916/; classtype:trojan-activity;sid:84149016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.55.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285917/; classtype:trojan-activity;sid:84149017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.214.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285915/; classtype:trojan-activity;sid:84149015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.145.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285914/; classtype:trojan-activity;sid:84149014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.167.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285913/; classtype:trojan-activity;sid:84149013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.84.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285912/; classtype:trojan-activity;sid:84149012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.140.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285911/; classtype:trojan-activity;sid:84149011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.149.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285909/; classtype:trojan-activity;sid:84149009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.129.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285910/; classtype:trojan-activity;sid:84149010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285908/; classtype:trojan-activity;sid:84149008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.244.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285907/; classtype:trojan-activity;sid:84149007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.181.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285906/; classtype:trojan-activity;sid:84149006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.189.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285904/; classtype:trojan-activity;sid:84149004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.174.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285905/; classtype:trojan-activity;sid:84149005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285903)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.85.178"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285903/; classtype:trojan-activity;sid:84149003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.7.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285902/; classtype:trojan-activity;sid:84149002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.201.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285901/; classtype:trojan-activity;sid:84149001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.242.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285900/; classtype:trojan-activity;sid:84149000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.9.101"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285898/; classtype:trojan-activity;sid:84148998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285899/; classtype:trojan-activity;sid:84148999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.96.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285897/; classtype:trojan-activity;sid:84148997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.79.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285895/; classtype:trojan-activity;sid:84148995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.30.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285896/; classtype:trojan-activity;sid:84148996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285894/; classtype:trojan-activity;sid:84148994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.55.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285893/; classtype:trojan-activity;sid:84148993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.214.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285892/; classtype:trojan-activity;sid:84148992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285891/; classtype:trojan-activity;sid:84148991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.185.200.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285890/; classtype:trojan-activity;sid:84148990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.4.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285889/; classtype:trojan-activity;sid:84148989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.154.17.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285888/; classtype:trojan-activity;sid:84148988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.244.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285887/; classtype:trojan-activity;sid:84148987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.174.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285886/; classtype:trojan-activity;sid:84148986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.104.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285885/; classtype:trojan-activity;sid:84148985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.44.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285884/; classtype:trojan-activity;sid:84148984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.96.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285883/; classtype:trojan-activity;sid:84148983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.140.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285882/; classtype:trojan-activity;sid:84148982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.84.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285881/; classtype:trojan-activity;sid:84148981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.175.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285880/; classtype:trojan-activity;sid:84148980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.186.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285879/; classtype:trojan-activity;sid:84148979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.30.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285878/; classtype:trojan-activity;sid:84148978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.142.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285877/; classtype:trojan-activity;sid:84148977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.182.166.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285876/; classtype:trojan-activity;sid:84148976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.177.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285875/; classtype:trojan-activity;sid:84148975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285874/; classtype:trojan-activity;sid:84148974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.8.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285873/; classtype:trojan-activity;sid:84148973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.196.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285872/; classtype:trojan-activity;sid:84148972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.247.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285871/; classtype:trojan-activity;sid:84148971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.77.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285870/; classtype:trojan-activity;sid:84148970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.193.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285869/; classtype:trojan-activity;sid:84148969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.116.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285868/; classtype:trojan-activity;sid:84148968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.242.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285867/; classtype:trojan-activity;sid:84148967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.26.235.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285866/; classtype:trojan-activity;sid:84148966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.236.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285865/; classtype:trojan-activity;sid:84148965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.54.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285864/; classtype:trojan-activity;sid:84148964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.105.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285863/; classtype:trojan-activity;sid:84148963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.70.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285862/; classtype:trojan-activity;sid:84148962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.220.162.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285861/; classtype:trojan-activity;sid:84148961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.255.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285858/; classtype:trojan-activity;sid:84148958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.55.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285859/; classtype:trojan-activity;sid:84148959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.109.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285860/; classtype:trojan-activity;sid:84148960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.209.16.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285857/; classtype:trojan-activity;sid:84148957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.206.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285856/; classtype:trojan-activity;sid:84148956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.140.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285855/; classtype:trojan-activity;sid:84148955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.100.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285854/; classtype:trojan-activity;sid:84148954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.96.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285853/; classtype:trojan-activity;sid:84148953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.227.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285851/; classtype:trojan-activity;sid:84148951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.196.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285852/; classtype:trojan-activity;sid:84148952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.50.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285850/; classtype:trojan-activity;sid:84148950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.56.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285849/; classtype:trojan-activity;sid:84148949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.160.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285848/; classtype:trojan-activity;sid:84148948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285847/; classtype:trojan-activity;sid:84148947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.193.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285846/; classtype:trojan-activity;sid:84148946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.221.222.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285844/; classtype:trojan-activity;sid:84148944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.141.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285845/; classtype:trojan-activity;sid:84148945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.96.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285843/; classtype:trojan-activity;sid:84148943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285842)"; flow:established,from_client; content:"GET"; http_method; content:"/tyo.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.233.65.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285842/; classtype:trojan-activity;sid:84148942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.169.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285841/; classtype:trojan-activity;sid:84148941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.44.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285840/; classtype:trojan-activity;sid:84148940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.234.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285839/; classtype:trojan-activity;sid:84148939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.89.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285837/; classtype:trojan-activity;sid:84148937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.177.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285838/; classtype:trojan-activity;sid:84148938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.247.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285836/; classtype:trojan-activity;sid:84148936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.26.235.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285835/; classtype:trojan-activity;sid:84148935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.225.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285834/; classtype:trojan-activity;sid:84148934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285833/; classtype:trojan-activity;sid:84148933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.190.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285832/; classtype:trojan-activity;sid:84148932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.22.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285831/; classtype:trojan-activity;sid:84148931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.40.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285830/; classtype:trojan-activity;sid:84148930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.94.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285829/; classtype:trojan-activity;sid:84148929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.56.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285828/; classtype:trojan-activity;sid:84148928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.55.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285827/; classtype:trojan-activity;sid:84148927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.70.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285826/; classtype:trojan-activity;sid:84148926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.227.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285825/; classtype:trojan-activity;sid:84148925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.235.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285824/; classtype:trojan-activity;sid:84148924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.141.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285823/; classtype:trojan-activity;sid:84148923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.255.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285822/; classtype:trojan-activity;sid:84148922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.96.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285821/; classtype:trojan-activity;sid:84148921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.231.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285820/; classtype:trojan-activity;sid:84148920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.80.82.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285819/; classtype:trojan-activity;sid:84148919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.190.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285818/; classtype:trojan-activity;sid:84148918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.143.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285816/; classtype:trojan-activity;sid:84148916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.231.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285817/; classtype:trojan-activity;sid:84148917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.213.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285815/; classtype:trojan-activity;sid:84148915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.160.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285814/; classtype:trojan-activity;sid:84148914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.196.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285813/; classtype:trojan-activity;sid:84148913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.10.199.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285811/; classtype:trojan-activity;sid:84148911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.174.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285812/; classtype:trojan-activity;sid:84148912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.75.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285810/; classtype:trojan-activity;sid:84148910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.59.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285808/; classtype:trojan-activity;sid:84148908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.146.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285809/; classtype:trojan-activity;sid:84148909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.196.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285806/; classtype:trojan-activity;sid:84148906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.162.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285807/; classtype:trojan-activity;sid:84148907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.114.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285805/; classtype:trojan-activity;sid:84148905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285804/; classtype:trojan-activity;sid:84148904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.155.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285803/; classtype:trojan-activity;sid:84148903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.71.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285802/; classtype:trojan-activity;sid:84148902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.89.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285801/; classtype:trojan-activity;sid:84148901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.109.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285800/; classtype:trojan-activity;sid:84148900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.174.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285799/; classtype:trojan-activity;sid:84148899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.224.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285795/; classtype:trojan-activity;sid:84148895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.94.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285796/; classtype:trojan-activity;sid:84148896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.42.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285797/; classtype:trojan-activity;sid:84148897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.196.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285798/; classtype:trojan-activity;sid:84148898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.62.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285794/; classtype:trojan-activity;sid:84148894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.106.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285793/; classtype:trojan-activity;sid:84148893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.214.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285792/; classtype:trojan-activity;sid:84148892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.113.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285791/; classtype:trojan-activity;sid:84148891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.61.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285790/; classtype:trojan-activity;sid:84148890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.109.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285789/; classtype:trojan-activity;sid:84148889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285788/; classtype:trojan-activity;sid:84148888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.178.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285787/; classtype:trojan-activity;sid:84148887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285786/; classtype:trojan-activity;sid:84148886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.103.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285785/; classtype:trojan-activity;sid:84148885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.85.55.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285784/; classtype:trojan-activity;sid:84148884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.92.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285783/; classtype:trojan-activity;sid:84148883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.55.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285782/; classtype:trojan-activity;sid:84148882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.155.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285781/; classtype:trojan-activity;sid:84148881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.214.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285780/; classtype:trojan-activity;sid:84148880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285779/; classtype:trojan-activity;sid:84148879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285778/; classtype:trojan-activity;sid:84148878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.253.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285777/; classtype:trojan-activity;sid:84148877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.180.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285776/; classtype:trojan-activity;sid:84148876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.51.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285775/; classtype:trojan-activity;sid:84148875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.71.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285774/; classtype:trojan-activity;sid:84148874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.170.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285773/; classtype:trojan-activity;sid:84148873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285772/; classtype:trojan-activity;sid:84148872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.65.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285771/; classtype:trojan-activity;sid:84148871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285770/; classtype:trojan-activity;sid:84148870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.22.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285769/; classtype:trojan-activity;sid:84148869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.223.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285768/; classtype:trojan-activity;sid:84148868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.7.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285767/; classtype:trojan-activity;sid:84148867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.26.252"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285766/; classtype:trojan-activity;sid:84148866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.220.12.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285765/; classtype:trojan-activity;sid:84148865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.228.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285764/; classtype:trojan-activity;sid:84148864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.245.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285763/; classtype:trojan-activity;sid:84148863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.179.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285762/; classtype:trojan-activity;sid:84148862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.118.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285760/; classtype:trojan-activity;sid:84148860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285761/; classtype:trojan-activity;sid:84148861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.234.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285759/; classtype:trojan-activity;sid:84148859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.73.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285758/; classtype:trojan-activity;sid:84148858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.213.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285756/; classtype:trojan-activity;sid:84148856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.182.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285757/; classtype:trojan-activity;sid:84148857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.54.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285755/; classtype:trojan-activity;sid:84148855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.214.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285754/; classtype:trojan-activity;sid:84148854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.83.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285753/; classtype:trojan-activity;sid:84148853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.101.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285752/; classtype:trojan-activity;sid:84148852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.215.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285751/; classtype:trojan-activity;sid:84148851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.89.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285750/; classtype:trojan-activity;sid:84148850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.29.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285749/; classtype:trojan-activity;sid:84148849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.253.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285748/; classtype:trojan-activity;sid:84148848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.253.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285747/; classtype:trojan-activity;sid:84148847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.178.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285746/; classtype:trojan-activity;sid:84148846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.112.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285745/; classtype:trojan-activity;sid:84148845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.65.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285744/; classtype:trojan-activity;sid:84148844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.9.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285743/; classtype:trojan-activity;sid:84148843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.166.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285742/; classtype:trojan-activity;sid:84148842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.250.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285741/; classtype:trojan-activity;sid:84148841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.240.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285740/; classtype:trojan-activity;sid:84148840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.179.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285739/; classtype:trojan-activity;sid:84148839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.236.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285738/; classtype:trojan-activity;sid:84148838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.182.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285737/; classtype:trojan-activity;sid:84148837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.20.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285736/; classtype:trojan-activity;sid:84148836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.158.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285735/; classtype:trojan-activity;sid:84148835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.213.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285734/; classtype:trojan-activity;sid:84148834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.214.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285733/; classtype:trojan-activity;sid:84148833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.213.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285732/; classtype:trojan-activity;sid:84148832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285731/; classtype:trojan-activity;sid:84148831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.227.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285730/; classtype:trojan-activity;sid:84148830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.182.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285729/; classtype:trojan-activity;sid:84148829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.178.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285728/; classtype:trojan-activity;sid:84148828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.47.85.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285726/; classtype:trojan-activity;sid:84148826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.44.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285727/; classtype:trojan-activity;sid:84148827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.39.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285725/; classtype:trojan-activity;sid:84148825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.50.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285724/; classtype:trojan-activity;sid:84148824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.191.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285723/; classtype:trojan-activity;sid:84148823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.118.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285722/; classtype:trojan-activity;sid:84148822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.44.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285721/; classtype:trojan-activity;sid:84148821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.181.108.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285720/; classtype:trojan-activity;sid:84148820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.166.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285718/; classtype:trojan-activity;sid:84148818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.159.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285719/; classtype:trojan-activity;sid:84148819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.191.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285717/; classtype:trojan-activity;sid:84148817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.73.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285716/; classtype:trojan-activity;sid:84148816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.126.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285715/; classtype:trojan-activity;sid:84148815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.33.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285714/; classtype:trojan-activity;sid:84148814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285713/; classtype:trojan-activity;sid:84148813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.178.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285712/; classtype:trojan-activity;sid:84148812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.213.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285711/; classtype:trojan-activity;sid:84148811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285710/; classtype:trojan-activity;sid:84148810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.112.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285709/; classtype:trojan-activity;sid:84148809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.142.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285708/; classtype:trojan-activity;sid:84148808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.16.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285707/; classtype:trojan-activity;sid:84148807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.196.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285706/; classtype:trojan-activity;sid:84148806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.241.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285705/; classtype:trojan-activity;sid:84148805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.123.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285704/; classtype:trojan-activity;sid:84148804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.237.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285703/; classtype:trojan-activity;sid:84148803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.144.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285702/; classtype:trojan-activity;sid:84148802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.181.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285701/; classtype:trojan-activity;sid:84148801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.234.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285700/; classtype:trojan-activity;sid:84148800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.39.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285698/; classtype:trojan-activity;sid:84148798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.174.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285699/; classtype:trojan-activity;sid:84148799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.47.85.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285697/; classtype:trojan-activity;sid:84148797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.133.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285696/; classtype:trojan-activity;sid:84148796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.112.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285695/; classtype:trojan-activity;sid:84148795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.105.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285694/; classtype:trojan-activity;sid:84148794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.88.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285692/; classtype:trojan-activity;sid:84148792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.24.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285693/; classtype:trojan-activity;sid:84148793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.28.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285691/; classtype:trojan-activity;sid:84148791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285689/; classtype:trojan-activity;sid:84148789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.44.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285690/; classtype:trojan-activity;sid:84148790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.126.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285688/; classtype:trojan-activity;sid:84148788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.5.110"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285687/; classtype:trojan-activity;sid:84148787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.126.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285686/; classtype:trojan-activity;sid:84148786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.128.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285685/; classtype:trojan-activity;sid:84148785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.174.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285684/; classtype:trojan-activity;sid:84148784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.79.113.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285683/; classtype:trojan-activity;sid:84148783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.205.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285682/; classtype:trojan-activity;sid:84148782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.8.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285681/; classtype:trojan-activity;sid:84148781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.67.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285680/; classtype:trojan-activity;sid:84148780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.188.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285679/; classtype:trojan-activity;sid:84148779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.25.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285677/; classtype:trojan-activity;sid:84148777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.42.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285678/; classtype:trojan-activity;sid:84148778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.176.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285676/; classtype:trojan-activity;sid:84148776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.39.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285675/; classtype:trojan-activity;sid:84148775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.211.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285674/; classtype:trojan-activity;sid:84148774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.28.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285672/; classtype:trojan-activity;sid:84148772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.103.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285673/; classtype:trojan-activity;sid:84148773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.32.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285671/; classtype:trojan-activity;sid:84148771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.74.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285670/; classtype:trojan-activity;sid:84148770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.205.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285669/; classtype:trojan-activity;sid:84148769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.240.18.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285668/; classtype:trojan-activity;sid:84148768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.42.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285667/; classtype:trojan-activity;sid:84148767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.8.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285666/; classtype:trojan-activity;sid:84148766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.55.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285665/; classtype:trojan-activity;sid:84148765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.241.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285663/; classtype:trojan-activity;sid:84148763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.116.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285664/; classtype:trojan-activity;sid:84148764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.182.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285662/; classtype:trojan-activity;sid:84148762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.42.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285661/; classtype:trojan-activity;sid:84148761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.176.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285660/; classtype:trojan-activity;sid:84148760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.36.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285659/; classtype:trojan-activity;sid:84148759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.238.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285658/; classtype:trojan-activity;sid:84148758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.210.232.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285657/; classtype:trojan-activity;sid:84148757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.25.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285656/; classtype:trojan-activity;sid:84148756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.71.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285655/; classtype:trojan-activity;sid:84148755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.103.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285652/; classtype:trojan-activity;sid:84148752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.116.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285653/; classtype:trojan-activity;sid:84148753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.88.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285654/; classtype:trojan-activity;sid:84148754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.255.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285651/; classtype:trojan-activity;sid:84148751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.63.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285650/; classtype:trojan-activity;sid:84148750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.248.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285649/; classtype:trojan-activity;sid:84148749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.182.166.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285648/; classtype:trojan-activity;sid:84148748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.164.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285646/; classtype:trojan-activity;sid:84148746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285647/; classtype:trojan-activity;sid:84148747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.162.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285645/; classtype:trojan-activity;sid:84148745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285644/; classtype:trojan-activity;sid:84148744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.180.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285643/; classtype:trojan-activity;sid:84148743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.110.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285642/; classtype:trojan-activity;sid:84148742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.57.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285641/; classtype:trojan-activity;sid:84148741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.156.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285640/; classtype:trojan-activity;sid:84148740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.228.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285639/; classtype:trojan-activity;sid:84148739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.20.3.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285638/; classtype:trojan-activity;sid:84148738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.124.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285637/; classtype:trojan-activity;sid:84148737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.55.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285634/; classtype:trojan-activity;sid:84148734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.89.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285635/; classtype:trojan-activity;sid:84148735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.92.247.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285636/; classtype:trojan-activity;sid:84148736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.175.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285632/; classtype:trojan-activity;sid:84148732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.217.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285633/; classtype:trojan-activity;sid:84148733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.10.199.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285631/; classtype:trojan-activity;sid:84148731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285630)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"adqw.accounting.bridgemastersllc.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285630/; classtype:trojan-activity;sid:84148730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.65.56.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285629/; classtype:trojan-activity;sid:84148729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.39.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285628/; classtype:trojan-activity;sid:84148728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.183.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285627/; classtype:trojan-activity;sid:84148727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.57.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285626/; classtype:trojan-activity;sid:84148726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285625)"; flow:established,from_client; content:"GET"; http_method; content:"/test2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mncrafter.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285625/; classtype:trojan-activity;sid:84148725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285624/; classtype:trojan-activity;sid:84148724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.228.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285623/; classtype:trojan-activity;sid:84148723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.168.88.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285622/; classtype:trojan-activity;sid:84148722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.110.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285621/; classtype:trojan-activity;sid:84148721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.217.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285619/; classtype:trojan-activity;sid:84148719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.175.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285620/; classtype:trojan-activity;sid:84148720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.133.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285582/; classtype:trojan-activity;sid:84148682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.115.131.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285580/; classtype:trojan-activity;sid:84148680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.247.218.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285570/; classtype:trojan-activity;sid:84148670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.133.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285564/; classtype:trojan-activity;sid:84148664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.200.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285541/; classtype:trojan-activity;sid:84148641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285502)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.213.189.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285502/; classtype:trojan-activity;sid:84148602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285503)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.213.189.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285503/; classtype:trojan-activity;sid:84148603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285494)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.213.189.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285494/; classtype:trojan-activity;sid:84148594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285495)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.213.189.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285495/; classtype:trojan-activity;sid:84148595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285496)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.213.189.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285496/; classtype:trojan-activity;sid:84148596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285497)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.213.189.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285497/; classtype:trojan-activity;sid:84148597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285498)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.213.189.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285498/; classtype:trojan-activity;sid:84148598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285499)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.213.189.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285499/; classtype:trojan-activity;sid:84148599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.199.157.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285486/; classtype:trojan-activity;sid:84148586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285455)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.107.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285455/; classtype:trojan-activity;sid:84148555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285441)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rrrrrr-72f36.appspot.com/o/proyecto%2ffdsf.txt|3f|alt=media|7c|26|7c|token=def09299-49b7-42a1-b069-dfa7cf3a6d0e"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285441/; classtype:trojan-activity;sid:84148541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285440)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rrrrrr-72f36.appspot.com/o/proyecto%2fskype.txt|3f|alt=media|7c|26|7c|token=d9d97dde-ba82-4237-8223-b6f9ce2dee88"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285440/; classtype:trojan-activity;sid:84148540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.162.59.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285433/; classtype:trojan-activity;sid:84148533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285428)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/-pril/refs/heads/main/kldrgawdtjawd.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285428/; classtype:trojan-activity;sid:84148528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.88.147.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285427/; classtype:trojan-activity;sid:84148527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.88.147.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285414/; classtype:trojan-activity;sid:84148514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.158.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285408/; classtype:trojan-activity;sid:84148508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.71.85.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285392/; classtype:trojan-activity;sid:84148492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.158.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285385/; classtype:trojan-activity;sid:84148485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285202)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.125.242.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285202/; classtype:trojan-activity;sid:84148302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285183)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.199.41.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285183/; classtype:trojan-activity;sid:84148283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.227.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285163/; classtype:trojan-activity;sid:84148263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285151/; classtype:trojan-activity;sid:84148251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.248.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285126/; classtype:trojan-activity;sid:84148226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285119)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm5"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"213.199.41.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285119/; classtype:trojan-activity;sid:84148219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285120)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.ppc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"213.199.41.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285120/; classtype:trojan-activity;sid:84148220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285121)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"213.199.41.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285121/; classtype:trojan-activity;sid:84148221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285122)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.m68k"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"213.199.41.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285122/; classtype:trojan-activity;sid:84148222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285123)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86_64"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"213.199.41.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285123/; classtype:trojan-activity;sid:84148223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285110)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"213.199.41.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285110/; classtype:trojan-activity;sid:84148210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285111)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.sh4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"213.199.41.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285111/; classtype:trojan-activity;sid:84148211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285112)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm7"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"213.199.41.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285112/; classtype:trojan-activity;sid:84148212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285113)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mpsl"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"213.199.41.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285113/; classtype:trojan-activity;sid:84148213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285114)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.i686"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"213.199.41.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285114/; classtype:trojan-activity;sid:84148214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285115)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm6"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"213.199.41.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285115/; classtype:trojan-activity;sid:84148215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285117)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mips"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"213.199.41.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285117/; classtype:trojan-activity;sid:84148217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.248.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285036/; classtype:trojan-activity;sid:84148136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.24.25.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284947/; classtype:trojan-activity;sid:84148047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284921)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.158.56.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284921/; classtype:trojan-activity;sid:84148021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284913)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.158.56.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284913/; classtype:trojan-activity;sid:84148013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284914)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.158.56.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284914/; classtype:trojan-activity;sid:84148014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284915)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"23.158.56.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284915/; classtype:trojan-activity;sid:84148015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284916)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"23.158.56.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284916/; classtype:trojan-activity;sid:84148016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284908)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"23.158.56.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284908/; classtype:trojan-activity;sid:84148008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284909)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.158.56.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284909/; classtype:trojan-activity;sid:84148009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284910)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.158.56.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284910/; classtype:trojan-activity;sid:84148010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284911)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.158.56.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284911/; classtype:trojan-activity;sid:84148011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284912)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"23.158.56.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284912/; classtype:trojan-activity;sid:84148012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284857)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"198.98.49.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284857/; classtype:trojan-activity;sid:84147957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.133.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284855/; classtype:trojan-activity;sid:84147955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284825/; classtype:trojan-activity;sid:84147925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284809)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ohtie89k.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284809/; classtype:trojan-activity;sid:84147909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284806)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/te3tlsre.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284806/; classtype:trojan-activity;sid:84147906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284805)"; flow:established,from_client; content:"GET"; http_method; content:"/lego/ama.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284805/; classtype:trojan-activity;sid:84147905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284804)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qth5kdee.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284804/; classtype:trojan-activity;sid:84147904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284802)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/88aext0k.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284802/; classtype:trojan-activity;sid:84147902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284803)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ji2xlo1f.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284803/; classtype:trojan-activity;sid:84147903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284801)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe|3f|9i/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284801/; classtype:trojan-activity;sid:84147901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284800)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/sgx4824p.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284800/; classtype:trojan-activity;sid:84147900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284799)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bqkriy6l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284799/; classtype:trojan-activity;sid:84147899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284798)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/7cl16anh.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284798/; classtype:trojan-activity;sid:84147898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284797)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/uctgkfb7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284797/; classtype:trojan-activity;sid:84147897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284787)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284787/; classtype:trojan-activity;sid:84147887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284788)"; flow:established,from_client; content:"GET"; http_method; content:"/2c3d53f1da5ea53a/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"62.204.41.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284788/; classtype:trojan-activity;sid:84147888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284783)"; flow:established,from_client; content:"GET"; http_method; content:"/2c3d53f1da5ea53a/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.204.41.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284783/; classtype:trojan-activity;sid:84147883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284784)"; flow:established,from_client; content:"GET"; http_method; content:"/2c3d53f1da5ea53a/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.204.41.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284784/; classtype:trojan-activity;sid:84147884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284785)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284785/; classtype:trojan-activity;sid:84147885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284781)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284781/; classtype:trojan-activity;sid:84147881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284775)"; flow:established,from_client; content:"GET"; http_method; content:"/2c3d53f1da5ea53a/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.204.41.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284775/; classtype:trojan-activity;sid:84147875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284773)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284773/; classtype:trojan-activity;sid:84147873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284768)"; flow:established,from_client; content:"GET"; http_method; content:"/2c3d53f1da5ea53a/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"62.204.41.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284768/; classtype:trojan-activity;sid:84147868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284769)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284769/; classtype:trojan-activity;sid:84147869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284766)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284766/; classtype:trojan-activity;sid:84147866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284764)"; flow:established,from_client; content:"GET"; http_method; content:"/2c3d53f1da5ea53a/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"62.204.41.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284764/; classtype:trojan-activity;sid:84147864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284763)"; flow:established,from_client; content:"GET"; http_method; content:"/2c3d53f1da5ea53a/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"62.204.41.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284763/; classtype:trojan-activity;sid:84147863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284758)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284758/; classtype:trojan-activity;sid:84147858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284749)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/f86nrrc6.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284749/; classtype:trojan-activity;sid:84147849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284737)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.x86_64"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.221.97.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284737/; classtype:trojan-activity;sid:84147837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284721)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.mips"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"45.221.97.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284721/; classtype:trojan-activity;sid:84147821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284722)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.sh4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.221.97.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284722/; classtype:trojan-activity;sid:84147822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284723)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.x86"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.221.97.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284723/; classtype:trojan-activity;sid:84147823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284724)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.arm7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"45.221.97.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284724/; classtype:trojan-activity;sid:84147824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284725)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.sh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.221.97.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284725/; classtype:trojan-activity;sid:84147825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284726)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.ppc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.221.97.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284726/; classtype:trojan-activity;sid:84147826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284727)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.m68k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"45.221.97.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284727/; classtype:trojan-activity;sid:84147827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284728)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.spc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.221.97.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284728/; classtype:trojan-activity;sid:84147828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284729)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.arm5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"45.221.97.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284729/; classtype:trojan-activity;sid:84147829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284730)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.x86_64.dbg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.221.97.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284730/; classtype:trojan-activity;sid:84147830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284731)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.mpsl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"45.221.97.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284731/; classtype:trojan-activity;sid:84147831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284732)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.arm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.221.97.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284732/; classtype:trojan-activity;sid:84147832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284733)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/speedtest-cli.arm6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"45.221.97.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284733/; classtype:trojan-activity;sid:84147833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284710)"; flow:established,from_client; content:"GET"; http_method; content:"/b/phvnc.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284710/; classtype:trojan-activity;sid:84147810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284711)"; flow:established,from_client; content:"GET"; http_method; content:"/b/yxwrm.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284711/; classtype:trojan-activity;sid:84147811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284712)"; flow:established,from_client; content:"GET"; http_method; content:"/b/l.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284712/; classtype:trojan-activity;sid:84147812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284714)"; flow:established,from_client; content:"GET"; http_method; content:"/b/yhboks.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284714/; classtype:trojan-activity;sid:84147814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284708)"; flow:established,from_client; content:"GET"; http_method; content:"/b/tjust.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284708/; classtype:trojan-activity;sid:84147808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284707)"; flow:established,from_client; content:"GET"; http_method; content:"/b/n.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284707/; classtype:trojan-activity;sid:84147807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284703)"; flow:established,from_client; content:"GET"; http_method; content:"/b/ymbk.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284703/; classtype:trojan-activity;sid:84147803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284704)"; flow:established,from_client; content:"GET"; http_method; content:"/b/rxwrm.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284704/; classtype:trojan-activity;sid:84147804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284706)"; flow:established,from_client; content:"GET"; http_method; content:"/b/ujs.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284706/; classtype:trojan-activity;sid:84147806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284697)"; flow:established,from_client; content:"GET"; http_method; content:"/b/xw.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284697/; classtype:trojan-activity;sid:84147797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284698)"; flow:established,from_client; content:"GET"; http_method; content:"/b/w2h.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284698/; classtype:trojan-activity;sid:84147798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284700)"; flow:established,from_client; content:"GET"; http_method; content:"/b/oph.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284700/; classtype:trojan-activity;sid:84147800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284701)"; flow:established,from_client; content:"GET"; http_method; content:"/b/xwo.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284701/; classtype:trojan-activity;sid:84147801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284696)"; flow:established,from_client; content:"GET"; http_method; content:"/b/xwom.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284696/; classtype:trojan-activity;sid:84147796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284687)"; flow:established,from_client; content:"GET"; http_method; content:"/b/hmbk.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284687/; classtype:trojan-activity;sid:84147787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284688)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/ds4.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284688/; classtype:trojan-activity;sid:84147788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284690)"; flow:established,from_client; content:"GET"; http_method; content:"/b/kek.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284690/; classtype:trojan-activity;sid:84147790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284692)"; flow:established,from_client; content:"GET"; http_method; content:"/b/1pphvns.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284692/; classtype:trojan-activity;sid:84147792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284693)"; flow:established,from_client; content:"GET"; http_method; content:"/b/1spe.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284693/; classtype:trojan-activity;sid:84147793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284694)"; flow:established,from_client; content:"GET"; http_method; content:"/b/hvnc.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284694/; classtype:trojan-activity;sid:84147794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284686)"; flow:established,from_client; content:"GET"; http_method; content:"/b/1venommrs.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284686/; classtype:trojan-activity;sid:84147786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284683)"; flow:established,from_client; content:"GET"; http_method; content:"/b/1hxnc.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284683/; classtype:trojan-activity;sid:84147783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.9.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284669/; classtype:trojan-activity;sid:84147769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284659)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.213.189.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284659/; classtype:trojan-activity;sid:84147759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284633/; classtype:trojan-activity;sid:84147733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.9.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284607/; classtype:trojan-activity;sid:84147707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284594)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"209.141.54.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284594/; classtype:trojan-activity;sid:84147694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284572)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.54.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284572/; classtype:trojan-activity;sid:84147672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284573)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.54.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284573/; classtype:trojan-activity;sid:84147673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284579)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.141.54.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284579/; classtype:trojan-activity;sid:84147679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284563)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.54.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284563/; classtype:trojan-activity;sid:84147663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284564)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.54.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284564/; classtype:trojan-activity;sid:84147664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284565)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.54.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284565/; classtype:trojan-activity;sid:84147665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284566)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.54.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284566/; classtype:trojan-activity;sid:84147666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284567)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.54.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284567/; classtype:trojan-activity;sid:84147667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284568)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.141.54.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284568/; classtype:trojan-activity;sid:84147668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284570)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.54.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284570/; classtype:trojan-activity;sid:84147670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284538)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284538/; classtype:trojan-activity;sid:84147638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.15.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284494/; classtype:trojan-activity;sid:84147594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284479/; classtype:trojan-activity;sid:84147579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.8.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284462/; classtype:trojan-activity;sid:84147562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284404)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.89.112.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284404/; classtype:trojan-activity;sid:84147504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.248.235.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284391/; classtype:trojan-activity;sid:84147491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.248.235.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284387/; classtype:trojan-activity;sid:84147487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284350)"; flow:established,from_client; content:"GET"; http_method; content:"/epp64.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"135.125.62.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284350/; classtype:trojan-activity;sid:84147450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284351)"; flow:established,from_client; content:"GET"; http_method; content:"/epp32.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"135.125.62.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284351/; classtype:trojan-activity;sid:84147451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284346)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/refs/heads/main/njrtdhadawt.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284346/; classtype:trojan-activity;sid:84147446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.184.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284344/; classtype:trojan-activity;sid:84147444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.120.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284334/; classtype:trojan-activity;sid:84147434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.180.38.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284328/; classtype:trojan-activity;sid:84147428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.190.102.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284321/; classtype:trojan-activity;sid:84147421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.180.38.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284310/; classtype:trojan-activity;sid:84147410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.159.154.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284291/; classtype:trojan-activity;sid:84147391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.240.168.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284281/; classtype:trojan-activity;sid:84147381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284173)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/clip64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284173/; classtype:trojan-activity;sid:84147273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284172)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/clip.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284172/; classtype:trojan-activity;sid:84147272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.8.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283984/; classtype:trojan-activity;sid:84147084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.78.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283895/; classtype:trojan-activity;sid:84146995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283882)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283882/; classtype:trojan-activity;sid:84146982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283876)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283876/; classtype:trojan-activity;sid:84146976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283874)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283874/; classtype:trojan-activity;sid:84146974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283866)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283866/; classtype:trojan-activity;sid:84146966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283867)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283867/; classtype:trojan-activity;sid:84146967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283868)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283868/; classtype:trojan-activity;sid:84146968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283869)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283869/; classtype:trojan-activity;sid:84146969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283870)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283870/; classtype:trojan-activity;sid:84146970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283871)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283871/; classtype:trojan-activity;sid:84146971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283872)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283872/; classtype:trojan-activity;sid:84146972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283873)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283873/; classtype:trojan-activity;sid:84146973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.228.129.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283838/; classtype:trojan-activity;sid:84146938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.9.101"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283787/; classtype:trojan-activity;sid:84146887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.9.101"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283767/; classtype:trojan-activity;sid:84146867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.26.82.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283741/; classtype:trojan-activity;sid:84146841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.83.180.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283642/; classtype:trojan-activity;sid:84146742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283613)"; flow:established,from_client; content:"GET"; http_method; content:"/1.jar"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.111.174.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283613/; classtype:trojan-activity;sid:84146713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.58.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283580/; classtype:trojan-activity;sid:84146680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283570)"; flow:established,from_client; content:"GET"; http_method; content:"/readme/glued.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"armanayegh.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283570/; classtype:trojan-activity;sid:84146670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.12.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283562/; classtype:trojan-activity;sid:84146662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283560)"; flow:established,from_client; content:"GET"; http_method; content:"/readme/bin.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"armanayegh.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283560/; classtype:trojan-activity;sid:84146660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.12.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283555/; classtype:trojan-activity;sid:84146655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.216.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283504/; classtype:trojan-activity;sid:84146604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.43.108.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283478/; classtype:trojan-activity;sid:84146578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.180.130.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283442/; classtype:trojan-activity;sid:84146542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.180.130.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283420/; classtype:trojan-activity;sid:84146520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283379)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.120.116.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283379/; classtype:trojan-activity;sid:84146479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283381)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.116.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283381/; classtype:trojan-activity;sid:84146481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283382)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.116.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283382/; classtype:trojan-activity;sid:84146482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283373)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.116.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283373/; classtype:trojan-activity;sid:84146473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283377)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.120.116.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283377/; classtype:trojan-activity;sid:84146477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283347)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.116.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283347/; classtype:trojan-activity;sid:84146447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283349)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.120.116.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283349/; classtype:trojan-activity;sid:84146449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283363)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.120.116.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283363/; classtype:trojan-activity;sid:84146463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283365)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.116.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283365/; classtype:trojan-activity;sid:84146465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283366)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.120.116.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283366/; classtype:trojan-activity;sid:84146466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283369)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.116.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283369/; classtype:trojan-activity;sid:84146469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.191.154.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283310/; classtype:trojan-activity;sid:84146410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.30.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283274/; classtype:trojan-activity;sid:84146374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.30.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283248/; classtype:trojan-activity;sid:84146348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.22.201.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283244/; classtype:trojan-activity;sid:84146344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.177.100.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283228/; classtype:trojan-activity;sid:84146328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.91.223.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283207/; classtype:trojan-activity;sid:84146307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.177.100.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283198/; classtype:trojan-activity;sid:84146298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283166)"; flow:established,from_client; content:"GET"; http_method; content:"/allnew.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283166/; classtype:trojan-activity;sid:84146266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.91.223.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282978/; classtype:trojan-activity;sid:84146078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"198.163.192.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282956/; classtype:trojan-activity;sid:84146056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.132.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282835/; classtype:trojan-activity;sid:84145935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.96.184.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282821/; classtype:trojan-activity;sid:84145921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.132.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282819/; classtype:trojan-activity;sid:84145919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.96.184.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282794/; classtype:trojan-activity;sid:84145894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.9.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282682/; classtype:trojan-activity;sid:84145782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.9.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282669/; classtype:trojan-activity;sid:84145769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.191.154.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282455/; classtype:trojan-activity;sid:84145555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282418)"; flow:established,from_client; content:"GET"; http_method; content:"/images/faith"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"65.175.140.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282418/; classtype:trojan-activity;sid:84145518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282395)"; flow:established,from_client; content:"GET"; http_method; content:"/images/zte"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"65.175.140.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282395/; classtype:trojan-activity;sid:84145495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282193)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.148.163.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282193/; classtype:trojan-activity;sid:84145293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.240.168.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282161/; classtype:trojan-activity;sid:84145261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282128)"; flow:established,from_client; content:"GET"; http_method; content:"/frpc.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282128/; classtype:trojan-activity;sid:84145228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282127)"; flow:established,from_client; content:"GET"; http_method; content:"/nohup.out"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282127/; classtype:trojan-activity;sid:84145227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282120)"; flow:established,from_client; content:"GET"; http_method; content:"/mysql.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282120/; classtype:trojan-activity;sid:84145220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282122)"; flow:established,from_client; content:"GET"; http_method; content:"/yaml-payload.jar"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"101.200.160.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282122/; classtype:trojan-activity;sid:84145222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281731/; classtype:trojan-activity;sid:84144831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281714)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/obfuscatedps/dccuac.ps1"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281714/; classtype:trojan-activity;sid:84144814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281611)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.219.63.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281611/; classtype:trojan-activity;sid:84144711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"8.219.63.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281610/; classtype:trojan-activity;sid:84144710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281606)"; flow:established,from_client; content:"GET"; http_method; content:"/cleanborg/quote_4847_general_techs_llc.rar"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"websutility.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281606/; classtype:trojan-activity;sid:84144706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281603)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/x1zadjlpndvykembsf6i.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281603/; classtype:trojan-activity;sid:84144703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281585)"; flow:established,from_client; content:"GET"; http_method; content:"/thanksforusingourwebsite/serv/downloads/248364651.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281585/; classtype:trojan-activity;sid:84144685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281584)"; flow:established,from_client; content:"GET"; http_method; content:"/68-new.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.255.2.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281584/; classtype:trojan-activity;sid:84144684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281578)"; flow:established,from_client; content:"GET"; http_method; content:"/maxz/update/client/client.exe.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.174.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281578/; classtype:trojan-activity;sid:84144678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281577)"; flow:established,from_client; content:"GET"; http_method; content:"/maxz/update/client/dsetup.dll.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.174.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281577/; classtype:trojan-activity;sid:84144677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.205.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281550/; classtype:trojan-activity;sid:84144650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.205.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281535/; classtype:trojan-activity;sid:84144635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.100.63.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281415/; classtype:trojan-activity;sid:84144515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.227.51.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281238/; classtype:trojan-activity;sid:84144338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281085)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281085/; classtype:trojan-activity;sid:84144185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281033)"; flow:established,from_client; content:"GET"; http_method; content:"/work/das.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"girlsgifs.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281033/; classtype:trojan-activity;sid:84144133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.58.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280975/; classtype:trojan-activity;sid:84144075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.4.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280970/; classtype:trojan-activity;sid:84144070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.4.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280954/; classtype:trojan-activity;sid:84144054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280921)"; flow:established,from_client; content:"GET"; http_method; content:"/ev.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280921/; classtype:trojan-activity;sid:84144021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.130.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280899/; classtype:trojan-activity;sid:84143999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.130.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280858/; classtype:trojan-activity;sid:84143958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.163.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280824/; classtype:trojan-activity;sid:84143924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.190.102.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280814/; classtype:trojan-activity;sid:84143914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280797)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/refs/heads/main/nvidia.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280797/; classtype:trojan-activity;sid:84143897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280762)"; flow:established,from_client; content:"GET"; http_method; content:"/woord02/nigga/refs/heads/main/majesticexec.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280762/; classtype:trojan-activity;sid:84143862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280752)"; flow:established,from_client; content:"GET"; http_method; content:"/img/boy.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"191.96.224.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280752/; classtype:trojan-activity;sid:84143852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280748)"; flow:established,from_client; content:"GET"; http_method; content:"/b/mbkbds.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280748/; classtype:trojan-activity;sid:84143848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280739)"; flow:established,from_client; content:"GET"; http_method; content:"/eeememebiggg.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.120.113.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280739/; classtype:trojan-activity;sid:84143839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280741)"; flow:established,from_client; content:"GET"; http_method; content:"/txt/zf3dxapdnla4lnl.doc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.84.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280741/; classtype:trojan-activity;sid:84143841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280713)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/main/arm7"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280713/; classtype:trojan-activity;sid:84143813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280695)"; flow:established,from_client; content:"GET"; http_method; content:"/iz3lne.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280695/; classtype:trojan-activity;sid:84143795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280687)"; flow:established,from_client; content:"GET"; http_method; content:"/!api/2.0/snippets/nikkerkhan/5qkmxx/c193c8cd66ad1405f4a0ebc7293d71d0f287eb98/files/all.txt"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280687/; classtype:trojan-activity;sid:84143787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280685)"; flow:established,from_client; content:"GET"; http_method; content:"/consoleapp2.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.208.156.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280685/; classtype:trojan-activity;sid:84143785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280680)"; flow:established,from_client; content:"GET"; http_method; content:"/fiies/stormfn-launcher/raw/refs/heads/main/stormfn-launcher.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280680/; classtype:trojan-activity;sid:84143780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.73.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280675/; classtype:trojan-activity;sid:84143775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.210.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280670/; classtype:trojan-activity;sid:84143770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280635)"; flow:established,from_client; content:"GET"; http_method; content:"/le/la.bot.powerpc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280635/; classtype:trojan-activity;sid:84143735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280636)"; flow:established,from_client; content:"GET"; http_method; content:"/le/la.bot.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280636/; classtype:trojan-activity;sid:84143736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280637)"; flow:established,from_client; content:"GET"; http_method; content:"/le/la.bot.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280637/; classtype:trojan-activity;sid:84143737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280627)"; flow:established,from_client; content:"GET"; http_method; content:"/le/la.bot.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280627/; classtype:trojan-activity;sid:84143727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280628)"; flow:established,from_client; content:"GET"; http_method; content:"/le/la.bot.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280628/; classtype:trojan-activity;sid:84143728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280629)"; flow:established,from_client; content:"GET"; http_method; content:"/le/la.bot.arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280629/; classtype:trojan-activity;sid:84143729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280630)"; flow:established,from_client; content:"GET"; http_method; content:"/le/la.bot.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280630/; classtype:trojan-activity;sid:84143730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280631)"; flow:established,from_client; content:"GET"; http_method; content:"/le/la.bot.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280631/; classtype:trojan-activity;sid:84143731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280632)"; flow:established,from_client; content:"GET"; http_method; content:"/le/la.bot.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280632/; classtype:trojan-activity;sid:84143732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280633)"; flow:established,from_client; content:"GET"; http_method; content:"/le/la.bot.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280633/; classtype:trojan-activity;sid:84143733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280634)"; flow:established,from_client; content:"GET"; http_method; content:"/le/la.bot.mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280634/; classtype:trojan-activity;sid:84143734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280613)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280613/; classtype:trojan-activity;sid:84143713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280599)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280599/; classtype:trojan-activity;sid:84143699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280600)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280600/; classtype:trojan-activity;sid:84143700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280601)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280601/; classtype:trojan-activity;sid:84143701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280602)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280602/; classtype:trojan-activity;sid:84143702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280603)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280603/; classtype:trojan-activity;sid:84143703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280604)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280604/; classtype:trojan-activity;sid:84143704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280605)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280605/; classtype:trojan-activity;sid:84143705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280606)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280606/; classtype:trojan-activity;sid:84143706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280607)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.powerpc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280607/; classtype:trojan-activity;sid:84143707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280559)"; flow:established,from_client; content:"GET"; http_method; content:"/main.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.36.224.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280559/; classtype:trojan-activity;sid:84143659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280548)"; flow:established,from_client; content:"GET"; http_method; content:"/blacks/josho.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280548/; classtype:trojan-activity;sid:84143648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.10.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280525/; classtype:trojan-activity;sid:84143625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280479)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrok.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.111.174.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280479/; classtype:trojan-activity;sid:84143579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280461)"; flow:established,from_client; content:"GET"; http_method; content:"/ng1.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.111.174.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280461/; classtype:trojan-activity;sid:84143561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280463)"; flow:established,from_client; content:"GET"; http_method; content:"/ng2.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.111.174.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280463/; classtype:trojan-activity;sid:84143563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280475)"; flow:established,from_client; content:"GET"; http_method; content:"/vmmanagedsetup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.111.174.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280475/; classtype:trojan-activity;sid:84143575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.187.118.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280449/; classtype:trojan-activity;sid:84143549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.150.75.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280352/; classtype:trojan-activity;sid:84143452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.10.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280331/; classtype:trojan-activity;sid:84143431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280216)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"202.131.82.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280216/; classtype:trojan-activity;sid:84143316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280212)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.40.52.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280212/; classtype:trojan-activity;sid:84143312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280205)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.24.38.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280205/; classtype:trojan-activity;sid:84143305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280209)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.50.163.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280209/; classtype:trojan-activity;sid:84143309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280195)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.41.18.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280195/; classtype:trojan-activity;sid:84143295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280187)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.242.50.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280187/; classtype:trojan-activity;sid:84143287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280179)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"40.124.112.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280179/; classtype:trojan-activity;sid:84143279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280170)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.217.7.79"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280170/; classtype:trojan-activity;sid:84143270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280176)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.96.67.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280176/; classtype:trojan-activity;sid:84143276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280177)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.62.173.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280177/; classtype:trojan-activity;sid:84143277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280160)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.113.96.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280160/; classtype:trojan-activity;sid:84143260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280151)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.100.70.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280151/; classtype:trojan-activity;sid:84143251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280153)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.238.103.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280153/; classtype:trojan-activity;sid:84143253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280158)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.77.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280158/; classtype:trojan-activity;sid:84143258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280141)"; flow:established,from_client; content:"GET"; http_method; content:"/v1/ws2/:excellent2024/:stars_1/stars"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"my.cloudme.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280141/; classtype:trojan-activity;sid:84143241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280138)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/njrtdhadawt.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280138/; classtype:trojan-activity;sid:84143238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.164.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280120/; classtype:trojan-activity;sid:84143220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279861)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3yh8gdte.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279861/; classtype:trojan-activity;sid:84142961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279851)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/6nteyex7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279851/; classtype:trojan-activity;sid:84142951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279852)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jb4w5s2l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279852/; classtype:trojan-activity;sid:84142952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279854)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/j4vzzuai.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279854/; classtype:trojan-activity;sid:84142954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279855)"; flow:established,from_client; content:"GET"; http_method; content:"/coreopt/plugins/clip64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279855/; classtype:trojan-activity;sid:84142955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279856)"; flow:established,from_client; content:"GET"; http_method; content:"/coreopt/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279856/; classtype:trojan-activity;sid:84142956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279845)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe|3f|9i"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279845/; classtype:trojan-activity;sid:84142945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279844)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/random.exe|3f|y"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279844/; classtype:trojan-activity;sid:84142944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279843)"; flow:established,from_client; content:"GET"; http_method; content:"/coreopt/plugins/clip64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279843/; classtype:trojan-activity;sid:84142943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279767)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lespim"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279767/; classtype:trojan-activity;sid:84142867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279768)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spim"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279768/; classtype:trojan-activity;sid:84142868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/686i"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279765/; classtype:trojan-activity;sid:84142865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279766)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k86m"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279766/; classtype:trojan-activity;sid:84142866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.210.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279625/; classtype:trojan-activity;sid:84142725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.73.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279604/; classtype:trojan-activity;sid:84142704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.38.123.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279470/; classtype:trojan-activity;sid:84142570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279353)"; flow:established,from_client; content:"GET"; http_method; content:"/xavieprowel/crispy-palm-tree/releases/download/1/3e3ev3.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279353/; classtype:trojan-activity;sid:84142453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.123.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279325/; classtype:trojan-activity;sid:84142425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.123.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279205/; classtype:trojan-activity;sid:84142305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.105.59.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279078/; classtype:trojan-activity;sid:84142178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.105.59.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279065/; classtype:trojan-activity;sid:84142165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.92.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279022/; classtype:trojan-activity;sid:84142122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.83.180.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279018/; classtype:trojan-activity;sid:84142118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.83.180.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279001/; classtype:trojan-activity;sid:84142101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278973)"; flow:established,from_client; content:"GET"; http_method; content:"/a.ini"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278973/; classtype:trojan-activity;sid:84142073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278974)"; flow:established,from_client; content:"GET"; http_method; content:"/cdb.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278974/; classtype:trojan-activity;sid:84142074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278969)"; flow:established,from_client; content:"GET"; http_method; content:"/c2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278969/; classtype:trojan-activity;sid:84142069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278970)"; flow:established,from_client; content:"GET"; http_method; content:"/c.bin"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278970/; classtype:trojan-activity;sid:84142070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278971)"; flow:established,from_client; content:"GET"; http_method; content:"/c1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278971/; classtype:trojan-activity;sid:84142071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278972)"; flow:established,from_client; content:"GET"; http_method; content:"/c3.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278972/; classtype:trojan-activity;sid:84142072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278965)"; flow:established,from_client; content:"GET"; http_method; content:"/calc.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278965/; classtype:trojan-activity;sid:84142065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278966)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278966/; classtype:trojan-activity;sid:84142066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278950)"; flow:established,from_client; content:"GET"; http_method; content:"/js/s.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.75.156.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278950/; classtype:trojan-activity;sid:84142050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278949)"; flow:established,from_client; content:"GET"; http_method; content:"/js/4577.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"61.75.156.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278949/; classtype:trojan-activity;sid:84142049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.41.137.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278930/; classtype:trojan-activity;sid:84142030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278849)"; flow:established,from_client; content:"GET"; http_method; content:"/1st/1st.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278849/; classtype:trojan-activity;sid:84141949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278844)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3yh8gdte.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278844/; classtype:trojan-activity;sid:84141944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278840)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/khtoawdltrha.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278840/; classtype:trojan-activity;sid:84141940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278826)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jb4w5s2l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278826/; classtype:trojan-activity;sid:84141926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278828)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/6nteyex7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278828/; classtype:trojan-activity;sid:84141928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278833)"; flow:established,from_client; content:"GET"; http_method; content:"/easy-v1.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278833/; classtype:trojan-activity;sid:84141933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278782)"; flow:established,from_client; content:"GET"; http_method; content:"/v4setup.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pub-d6448def2aba44ce96071bebcc1ce641.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278782/; classtype:trojan-activity;sid:84141882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.62.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278747/; classtype:trojan-activity;sid:84141847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.62.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278740/; classtype:trojan-activity;sid:84141840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278669)"; flow:established,from_client; content:"GET"; http_method; content:"/txdown_disk/%e8%bd%af%e4%bb%b6%e4%bd%bf%e7%94%a8/%e7%bc%ba%e5%a4%b1%e4%b8%8b%e8%bd%bd/plugin.dll"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"disk.accord1key.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278669/; classtype:trojan-activity;sid:84141769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278659)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/jerniuiopu.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278659/; classtype:trojan-activity;sid:84141759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278660)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/hbfgjhhesfd.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278660/; classtype:trojan-activity;sid:84141760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.246.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278608/; classtype:trojan-activity;sid:84141708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.246.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278595/; classtype:trojan-activity;sid:84141695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278584)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/refs/heads/main/jerniuiopu.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278584/; classtype:trojan-activity;sid:84141684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278583)"; flow:established,from_client; content:"GET"; http_method; content:"/itschangat/test/refs/heads/main/server.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278583/; classtype:trojan-activity;sid:84141683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278579)"; flow:established,from_client; content:"GET"; http_method; content:"/felikzig/wdt/refs/heads/main/collosalloader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278579/; classtype:trojan-activity;sid:84141679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278577)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/refs/heads/main/2klz.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278577/; classtype:trojan-activity;sid:84141677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278578)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/refs/heads/main/runtimebroker.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278578/; classtype:trojan-activity;sid:84141678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278573)"; flow:established,from_client; content:"GET"; http_method; content:"/ciphershld/ms-p-1a/master/setup%20ms%20p-1a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278573/; classtype:trojan-activity;sid:84141673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278574)"; flow:established,from_client; content:"GET"; http_method; content:"/realgamer007/loaders/main/dxwebsetup.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278574/; classtype:trojan-activity;sid:84141674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278575)"; flow:established,from_client; content:"GET"; http_method; content:"/endity123/fivem-spoofer/main/reaper%20cfx%20spoofer%20v2.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278575/; classtype:trojan-activity;sid:84141675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278576)"; flow:established,from_client; content:"GET"; http_method; content:"/minecradt/regdelete/readme-edits/hell9o.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278576/; classtype:trojan-activity;sid:84141676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278566)"; flow:established,from_client; content:"GET"; http_method; content:"/unix-cmd/dev/main/discord.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278566/; classtype:trojan-activity;sid:84141666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278567)"; flow:established,from_client; content:"GET"; http_method; content:"/openpeach/dotnetfx_cleanup_tool/refs/heads/master/cleanup_tool.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278567/; classtype:trojan-activity;sid:84141667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278570)"; flow:established,from_client; content:"GET"; http_method; content:"/cavxsy/crazy.spoofer/refs/heads/main/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278570/; classtype:trojan-activity;sid:84141670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278571)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"download-winsdownload-wins.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278571/; classtype:trojan-activity;sid:84141671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278559)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidisigmer/fncleanerv2/releases/download/cleanerv2/cleanerv2.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278559/; classtype:trojan-activity;sid:84141659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278560)"; flow:established,from_client; content:"GET"; http_method; content:"/sleepysnz/skibidi/archive/refs/heads/main.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278560/; classtype:trojan-activity;sid:84141660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278555)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/jerniuiopu.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278555/; classtype:trojan-activity;sid:84141655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278556)"; flow:established,from_client; content:"GET"; http_method; content:"/new.pdf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"152.67.4.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278556/; classtype:trojan-activity;sid:84141656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278558)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278558/; classtype:trojan-activity;sid:84141658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278554)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/hbfgjhhesfd.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278554/; classtype:trojan-activity;sid:84141654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278543)"; flow:established,from_client; content:"GET"; http_method; content:"/5ndshog3cwa/plugins/cred.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.93.20.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278543/; classtype:trojan-activity;sid:84141643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278544)"; flow:established,from_client; content:"GET"; http_method; content:"/itschangat/test/raw/refs/heads/main/server.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278544/; classtype:trojan-activity;sid:84141644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278542)"; flow:established,from_client; content:"GET"; http_method; content:"/5ndshog3cwa/plugins/clip.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.93.20.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278542/; classtype:trojan-activity;sid:84141642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278442)"; flow:established,from_client; content:"GET"; http_method; content:"/b/t.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278442/; classtype:trojan-activity;sid:84141542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278438)"; flow:established,from_client; content:"GET"; http_method; content:"/b/yhvnc.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278438/; classtype:trojan-activity;sid:84141538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278436)"; flow:established,from_client; content:"GET"; http_method; content:"/b/l.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278436/; classtype:trojan-activity;sid:84141536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278437)"; flow:established,from_client; content:"GET"; http_method; content:"/b/krabbit.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278437/; classtype:trojan-activity;sid:84141537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278432)"; flow:established,from_client; content:"GET"; http_method; content:"/b/yprevhvnc.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278432/; classtype:trojan-activity;sid:84141532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278433)"; flow:established,from_client; content:"GET"; http_method; content:"/b/rxwrm.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278433/; classtype:trojan-activity;sid:84141533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278434)"; flow:established,from_client; content:"GET"; http_method; content:"/b/hvnc.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278434/; classtype:trojan-activity;sid:84141534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278435)"; flow:established,from_client; content:"GET"; http_method; content:"/b/kek.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278435/; classtype:trojan-activity;sid:84141535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278426)"; flow:established,from_client; content:"GET"; http_method; content:"/b/hmbk.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278426/; classtype:trojan-activity;sid:84141526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278428)"; flow:established,from_client; content:"GET"; http_method; content:"/b/ybitra.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278428/; classtype:trojan-activity;sid:84141528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278429)"; flow:established,from_client; content:"GET"; http_method; content:"/b/phvnc.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278429/; classtype:trojan-activity;sid:84141529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278430)"; flow:established,from_client; content:"GET"; http_method; content:"/b/hjustvsv.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278430/; classtype:trojan-activity;sid:84141530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278431)"; flow:established,from_client; content:"GET"; http_method; content:"/b/pbitsd.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278431/; classtype:trojan-activity;sid:84141531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278422)"; flow:established,from_client; content:"GET"; http_method; content:"/b/xwormsds.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278422/; classtype:trojan-activity;sid:84141522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278423)"; flow:established,from_client; content:"GET"; http_method; content:"/b/yremcom.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278423/; classtype:trojan-activity;sid:84141523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278424)"; flow:established,from_client; content:"GET"; http_method; content:"/b/ymbk.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278424/; classtype:trojan-activity;sid:84141524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278416)"; flow:established,from_client; content:"GET"; http_method; content:"/b/sxr.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278416/; classtype:trojan-activity;sid:84141516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278417)"; flow:established,from_client; content:"GET"; http_method; content:"/b/ujsat.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278417/; classtype:trojan-activity;sid:84141517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278418)"; flow:established,from_client; content:"GET"; http_method; content:"/b/jajyqg.wav"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278418/; classtype:trojan-activity;sid:84141518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278420)"; flow:established,from_client; content:"GET"; http_method; content:"/b/pxlmgtxtcdc.pdf"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278420/; classtype:trojan-activity;sid:84141520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278410)"; flow:established,from_client; content:"GET"; http_method; content:"/b/fjoqbcq.dat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278410/; classtype:trojan-activity;sid:84141510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278411)"; flow:established,from_client; content:"GET"; http_method; content:"/b/pt.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278411/; classtype:trojan-activity;sid:84141511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278412)"; flow:established,from_client; content:"GET"; http_method; content:"/b/lhblsqn.wav"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278412/; classtype:trojan-activity;sid:84141512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278413)"; flow:established,from_client; content:"GET"; http_method; content:"/b/p.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278413/; classtype:trojan-activity;sid:84141513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278415)"; flow:established,from_client; content:"GET"; http_method; content:"/b/qhntibmhlon.vdf"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278415/; classtype:trojan-activity;sid:84141515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278409)"; flow:established,from_client; content:"GET"; http_method; content:"/b/ymwqmw.dat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278409/; classtype:trojan-activity;sid:84141509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278403)"; flow:established,from_client; content:"GET"; http_method; content:"/b/xwo.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278403/; classtype:trojan-activity;sid:84141503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278404)"; flow:established,from_client; content:"GET"; http_method; content:"/b/wcpxe.dat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278404/; classtype:trojan-activity;sid:84141504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278405)"; flow:established,from_client; content:"GET"; http_method; content:"/b/tjust.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278405/; classtype:trojan-activity;sid:84141505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278406)"; flow:established,from_client; content:"GET"; http_method; content:"/b/rpcvshk.mp3"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278406/; classtype:trojan-activity;sid:84141506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278407)"; flow:established,from_client; content:"GET"; http_method; content:"/b/xw.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278407/; classtype:trojan-activity;sid:84141507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278396)"; flow:established,from_client; content:"GET"; http_method; content:"/b/kjxwormgf.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278396/; classtype:trojan-activity;sid:84141496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278397)"; flow:established,from_client; content:"GET"; http_method; content:"/b/oph.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278397/; classtype:trojan-activity;sid:84141497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278398)"; flow:established,from_client; content:"GET"; http_method; content:"/b/qomxl.pdf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278398/; classtype:trojan-activity;sid:84141498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278400)"; flow:established,from_client; content:"GET"; http_method; content:"/b/yxwrm.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278400/; classtype:trojan-activity;sid:84141500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278402)"; flow:established,from_client; content:"GET"; http_method; content:"/b/vsymss.vdf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278402/; classtype:trojan-activity;sid:84141502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278395)"; flow:established,from_client; content:"GET"; http_method; content:"/b/n.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278395/; classtype:trojan-activity;sid:84141495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278393)"; flow:established,from_client; content:"GET"; http_method; content:"/b/jvenom.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278393/; classtype:trojan-activity;sid:84141493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278391)"; flow:established,from_client; content:"GET"; http_method; content:"/b/yvrm.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278391/; classtype:trojan-activity;sid:84141491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278388)"; flow:established,from_client; content:"GET"; http_method; content:"/b/xwom.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278388/; classtype:trojan-activity;sid:84141488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278390)"; flow:established,from_client; content:"GET"; http_method; content:"/b/yhboks.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278390/; classtype:trojan-activity;sid:84141490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278383)"; flow:established,from_client; content:"GET"; http_method; content:"/b/phv.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278383/; classtype:trojan-activity;sid:84141483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278384)"; flow:established,from_client; content:"GET"; http_method; content:"/b/uodymrbikkh.pdf"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278384/; classtype:trojan-activity;sid:84141484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278385)"; flow:established,from_client; content:"GET"; http_method; content:"/b/zaoxm.wav"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278385/; classtype:trojan-activity;sid:84141485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278386)"; flow:established,from_client; content:"GET"; http_method; content:"/b/xwi.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278386/; classtype:trojan-activity;sid:84141486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278387)"; flow:established,from_client; content:"GET"; http_method; content:"/b/yjpoman.vdf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278387/; classtype:trojan-activity;sid:84141487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278382)"; flow:established,from_client; content:"GET"; http_method; content:"/inv/r80knbgvs09axhj.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278382/; classtype:trojan-activity;sid:84141482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278379)"; flow:established,from_client; content:"GET"; http_method; content:"/vb/hup.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278379/; classtype:trojan-activity;sid:84141479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278380)"; flow:established,from_client; content:"GET"; http_method; content:"/z.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"electjimhenderson.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278380/; classtype:trojan-activity;sid:84141480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278377)"; flow:established,from_client; content:"GET"; http_method; content:"/b/arucaftqdi.mp4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278377/; classtype:trojan-activity;sid:84141477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278376)"; flow:established,from_client; content:"GET"; http_method; content:"/zx/kpeukkkcxw.bmp"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278376/; classtype:trojan-activity;sid:84141476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278374)"; flow:established,from_client; content:"GET"; http_method; content:"/vb/hup.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278374/; classtype:trojan-activity;sid:84141474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278361)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=17hv9-3t2ilikbmcfql2z66ipd72x4mz7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278361/; classtype:trojan-activity;sid:84141461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278360)"; flow:established,from_client; content:"GET"; http_method; content:"/b/1vxworm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278360/; classtype:trojan-activity;sid:84141460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278359)"; flow:established,from_client; content:"GET"; http_method; content:"/b/1spe.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278359/; classtype:trojan-activity;sid:84141459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278357)"; flow:established,from_client; content:"GET"; http_method; content:"/b/1phvnc.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278357/; classtype:trojan-activity;sid:84141457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278358)"; flow:established,from_client; content:"GET"; http_method; content:"/b/1remcosnd.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278358/; classtype:trojan-activity;sid:84141458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278356)"; flow:established,from_client; content:"GET"; http_method; content:"/b/1vcf.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278356/; classtype:trojan-activity;sid:84141456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278352)"; flow:established,from_client; content:"GET"; http_method; content:"/b/1pphvns.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278352/; classtype:trojan-activity;sid:84141452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278353)"; flow:established,from_client; content:"GET"; http_method; content:"/b/1venommrs.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278353/; classtype:trojan-activity;sid:84141453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278354)"; flow:established,from_client; content:"GET"; http_method; content:"/b/1prevhnvc.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"winyardbuilding.nz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278354/; classtype:trojan-activity;sid:84141454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278341)"; flow:established,from_client; content:"GET"; http_method; content:"/dajhdha.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.20.102.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278341/; classtype:trojan-activity;sid:84141441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278340)"; flow:established,from_client; content:"GET"; http_method; content:"/update.hta"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"secure.cloudtechnologiesusa.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278340/; classtype:trojan-activity;sid:84141440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278339)"; flow:established,from_client; content:"GET"; http_method; content:"/americassssss.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.120.113.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278339/; classtype:trojan-activity;sid:84141439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278336)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/ds3.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278336/; classtype:trojan-activity;sid:84141436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278330)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ac/pef3.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278330/; classtype:trojan-activity;sid:84141430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278324)"; flow:established,from_client; content:"GET"; http_method; content:"/tigerhulk3.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.141.26.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278324/; classtype:trojan-activity;sid:84141424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278319)"; flow:established,from_client; content:"GET"; http_method; content:"/coreopt/plugins/cred64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278319/; classtype:trojan-activity;sid:84141419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278315)"; flow:established,from_client; content:"GET"; http_method; content:"/coreopt/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278315/; classtype:trojan-activity;sid:84141415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278312)"; flow:established,from_client; content:"GET"; http_method; content:"/api/loader.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278312/; classtype:trojan-activity;sid:84141412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278313)"; flow:established,from_client; content:"GET"; http_method; content:"/osupdater.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278313/; classtype:trojan-activity;sid:84141413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278310)"; flow:established,from_client; content:"GET"; http_method; content:"/si.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.202.113.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278310/; classtype:trojan-activity;sid:84141410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278272)"; flow:established,from_client; content:"GET"; http_method; content:"/c1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278272/; classtype:trojan-activity;sid:84141372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278271)"; flow:established,from_client; content:"GET"; http_method; content:"/c2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278271/; classtype:trojan-activity;sid:84141371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278267)"; flow:established,from_client; content:"GET"; http_method; content:"/sam.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278267/; classtype:trojan-activity;sid:84141367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278265)"; flow:established,from_client; content:"GET"; http_method; content:"/c3.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278265/; classtype:trojan-activity;sid:84141365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278266)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278266/; classtype:trojan-activity;sid:84141366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278261)"; flow:established,from_client; content:"GET"; http_method; content:"/c.bin"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278261/; classtype:trojan-activity;sid:84141361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278262)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278262/; classtype:trojan-activity;sid:84141362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278263)"; flow:established,from_client; content:"GET"; http_method; content:"/calc.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278263/; classtype:trojan-activity;sid:84141363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278264)"; flow:established,from_client; content:"GET"; http_method; content:"/st.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278264/; classtype:trojan-activity;sid:84141364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278205)"; flow:established,from_client; content:"GET"; http_method; content:"/spim"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278205/; classtype:trojan-activity;sid:84141305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278097/; classtype:trojan-activity;sid:84141197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.51.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278096/; classtype:trojan-activity;sid:84141196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278044)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/j4vzzuai.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278044/; classtype:trojan-activity;sid:84141144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.134.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278043/; classtype:trojan-activity;sid:84141143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.134.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278019/; classtype:trojan-activity;sid:84141119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277863)"; flow:established,from_client; content:"GET"; http_method; content:"/socialinformationonline/love/downloads/statement-963462.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277863/; classtype:trojan-activity;sid:84140963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.158.161.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277736/; classtype:trojan-activity;sid:84140836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277733)"; flow:established,from_client; content:"GET"; http_method; content:"/work/das.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"chat2cams.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277733/; classtype:trojan-activity;sid:84140833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.91.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277690/; classtype:trojan-activity;sid:84140790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.11.38"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277664/; classtype:trojan-activity;sid:84140764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277658/; classtype:trojan-activity;sid:84140758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277636/; classtype:trojan-activity;sid:84140736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.240.168.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277098/; classtype:trojan-activity;sid:84140198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.134.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277055/; classtype:trojan-activity;sid:84140155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276956)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"216.201.80.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276956/; classtype:trojan-activity;sid:84140056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276896)"; flow:established,from_client; content:"GET"; http_method; content:"/loistupidpet/sfdawsdawdaw/main/serials_checker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276896/; classtype:trojan-activity;sid:84139996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.24.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276887/; classtype:trojan-activity;sid:84139987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276851)"; flow:established,from_client; content:"GET"; http_method; content:"/bytrosyt/xuy/releases/download/dick/xclient.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276851/; classtype:trojan-activity;sid:84139951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276853)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/-/raw/main/xclient.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276853/; classtype:trojan-activity;sid:84139953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276854)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot2/raw/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276854/; classtype:trojan-activity;sid:84139954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276855)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/htt/raw/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276855/; classtype:trojan-activity;sid:84139955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276842)"; flow:established,from_client; content:"GET"; http_method; content:"/bodyblazexaa/dll/raw/main/xclient.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276842/; classtype:trojan-activity;sid:84139942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276843)"; flow:established,from_client; content:"GET"; http_method; content:"/2backside/stealercentral/raw/refs/heads/main/xclient.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276843/; classtype:trojan-activity;sid:84139943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276844)"; flow:established,from_client; content:"GET"; http_method; content:"/babadura123/banana/raw/refs/heads/main/xclient.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276844/; classtype:trojan-activity;sid:84139944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276845)"; flow:established,from_client; content:"GET"; http_method; content:"/makslalp123/rakdj213/raw/master/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276845/; classtype:trojan-activity;sid:84139945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276846)"; flow:established,from_client; content:"GET"; http_method; content:"/helelehelafsdf163/batata/raw/refs/heads/main/xclient.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276846/; classtype:trojan-activity;sid:84139946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276847)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/raw/main/xclient.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276847/; classtype:trojan-activity;sid:84139947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276848)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot1/raw/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276848/; classtype:trojan-activity;sid:84139948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276849)"; flow:established,from_client; content:"GET"; http_method; content:"/nomorelife1/te/raw/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276849/; classtype:trojan-activity;sid:84139949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276850)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/raw/main/xclient.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276850/; classtype:trojan-activity;sid:84139950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276841)"; flow:established,from_client; content:"GET"; http_method; content:"/tubocdev/ratbuildpenis/raw/main/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276841/; classtype:trojan-activity;sid:84139941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276839)"; flow:established,from_client; content:"GET"; http_method; content:"/bodyblazexaa/dll/raw/main/xclient.exe/"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276839/; classtype:trojan-activity;sid:84139939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276833)"; flow:established,from_client; content:"GET"; http_method; content:"/makslalp123/rakdj213/raw/master/xclient.exe/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276833/; classtype:trojan-activity;sid:84139933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276826)"; flow:established,from_client; content:"GET"; http_method; content:"/tubocdev/ratbuildpenis/raw/main/xclient.exe/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276826/; classtype:trojan-activity;sid:84139926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276827)"; flow:established,from_client; content:"GET"; http_method; content:"/nomorelife1/te/raw/main/xclient.exe/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276827/; classtype:trojan-activity;sid:84139927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276828)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/capybara_jar/raw/main/xclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276828/; classtype:trojan-activity;sid:84139928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276829)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot1/raw/refs/heads/main/xclient.exe/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276829/; classtype:trojan-activity;sid:84139929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276830)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/raw/main/xclient.exe/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276830/; classtype:trojan-activity;sid:84139930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276831)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/htt/raw/main/xclient.exe/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276831/; classtype:trojan-activity;sid:84139931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276832)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/htt/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276832/; classtype:trojan-activity;sid:84139932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276824)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot2/raw/refs/heads/main/xclient.exe/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276824/; classtype:trojan-activity;sid:84139924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276713)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gdn5yfjd.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276713/; classtype:trojan-activity;sid:84139813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276711)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kmvcsaed.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276711/; classtype:trojan-activity;sid:84139811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276712)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gdn5yfjd.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276712/; classtype:trojan-activity;sid:84139812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276708)"; flow:established,from_client; content:"GET"; http_method; content:"/reko/valid.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276708/; classtype:trojan-activity;sid:84139808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276705)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/feb9sxwk.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276705/; classtype:trojan-activity;sid:84139805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276706)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/feb9sxwk.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276706/; classtype:trojan-activity;sid:84139806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276703)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/myrdx.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276703/; classtype:trojan-activity;sid:84139803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276704)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/18ijuw13.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276704/; classtype:trojan-activity;sid:84139804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276607)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/18ijuw13.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276607/; classtype:trojan-activity;sid:84139707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276414)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kmvcsaed.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276414/; classtype:trojan-activity;sid:84139514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.214.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276391/; classtype:trojan-activity;sid:84139491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276256)"; flow:established,from_client; content:"GET"; http_method; content:"/nhatbuoitovcl/socks1/downloads/steal_stub.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276256/; classtype:trojan-activity;sid:84139356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276254)"; flow:established,from_client; content:"GET"; http_method; content:"/nhatbuoitovcl/adsthang/downloads/out.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276254/; classtype:trojan-activity;sid:84139354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276255)"; flow:established,from_client; content:"GET"; http_method; content:"/nhatbuoitovcl/adsthang/downloads/steal_stub.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276255/; classtype:trojan-activity;sid:84139355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276247)"; flow:established,from_client; content:"GET"; http_method; content:"/ag181/a/downloads/invoice.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276247/; classtype:trojan-activity;sid:84139347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.78.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276220/; classtype:trojan-activity;sid:84139320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.78.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276214/; classtype:trojan-activity;sid:84139314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276034)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.177.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276034/; classtype:trojan-activity;sid:84139134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276025)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cnc.carteldesinaloa.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276025/; classtype:trojan-activity;sid:84139125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276028)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnc.carteldesinaloa.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276028/; classtype:trojan-activity;sid:84139128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276029)"; flow:established,from_client; content:"GET"; http_method; content:"/update.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cnc.carteldesinaloa.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276029/; classtype:trojan-activity;sid:84139129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276020)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/nuklear.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"cnc.carteldesinaloa.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276020/; classtype:trojan-activity;sid:84139120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276024)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/nuklear.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cnc.carteldesinaloa.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276024/; classtype:trojan-activity;sid:84139124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275784)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/myrdx.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275784/; classtype:trojan-activity;sid:84138884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275786)"; flow:established,from_client; content:"GET"; http_method; content:"/reko/valid.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275786/; classtype:trojan-activity;sid:84138886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275753)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/nuklear.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.156.177.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275753/; classtype:trojan-activity;sid:84138853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275755)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/nuklear.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.156.177.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275755/; classtype:trojan-activity;sid:84138855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275751)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/nuklear.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.156.177.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275751/; classtype:trojan-activity;sid:84138851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275673)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.205.134.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275673/; classtype:trojan-activity;sid:84138773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275657)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1huotbd1zjmnea4wg46v7jnontoz7cpfk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275657/; classtype:trojan-activity;sid:84138757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275652)"; flow:established,from_client; content:"GET"; http_method; content:"/~lizard581/cgi-bin/imageup/data/1421.png"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"www.diced.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275652/; classtype:trojan-activity;sid:84138752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.43.108.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275555/; classtype:trojan-activity;sid:84138655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.235.163.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275502/; classtype:trojan-activity;sid:84138602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.198.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275364/; classtype:trojan-activity;sid:84138464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.214.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275314/; classtype:trojan-activity;sid:84138414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275241)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1r7oi2jekx0ks1wqpt0ms3_kqvukzy3dv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275241/; classtype:trojan-activity;sid:84138341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275213)"; flow:established,from_client; content:"GET"; http_method; content:"/diamotrix.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275213/; classtype:trojan-activity;sid:84138313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274957/; classtype:trojan-activity;sid:84138057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.24.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274892/; classtype:trojan-activity;sid:84137992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.134.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274810/; classtype:trojan-activity;sid:84137910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.170.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274670/; classtype:trojan-activity;sid:84137770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.10.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274648/; classtype:trojan-activity;sid:84137748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.23.51.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274647/; classtype:trojan-activity;sid:84137747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.153.207.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274641/; classtype:trojan-activity;sid:84137741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.151.149.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274639/; classtype:trojan-activity;sid:84137739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.123.89.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274634/; classtype:trojan-activity;sid:84137734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.0.199.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274635/; classtype:trojan-activity;sid:84137735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.145.165.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274636/; classtype:trojan-activity;sid:84137736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.41.182.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274607/; classtype:trojan-activity;sid:84137707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.125.48.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274603/; classtype:trojan-activity;sid:84137703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.104.33.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274602/; classtype:trojan-activity;sid:84137702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.19.13.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274591/; classtype:trojan-activity;sid:84137691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.67.231.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274595/; classtype:trojan-activity;sid:84137695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.254.36.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274597/; classtype:trojan-activity;sid:84137697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.162.107.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274588/; classtype:trojan-activity;sid:84137688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.39.146.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274589/; classtype:trojan-activity;sid:84137689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.235.163.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274541/; classtype:trojan-activity;sid:84137641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.219.123.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274508/; classtype:trojan-activity;sid:84137608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274362)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eveezueigohehla.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274362/; classtype:trojan-activity;sid:84137462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274352)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eveezueigohehla.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274352/; classtype:trojan-activity;sid:84137452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274359)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"eveezueigohehla.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274359/; classtype:trojan-activity;sid:84137459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274325)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eveezueigohehla.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274325/; classtype:trojan-activity;sid:84137425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274342)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"eveezueigohehla.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274342/; classtype:trojan-activity;sid:84137442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274344)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"eveezueigohehla.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274344/; classtype:trojan-activity;sid:84137444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274346)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eveezueigohehla.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274346/; classtype:trojan-activity;sid:84137446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274347)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"eveezueigohehla.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274347/; classtype:trojan-activity;sid:84137447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274351)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eveezueigohehla.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274351/; classtype:trojan-activity;sid:84137451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274282)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274282/; classtype:trojan-activity;sid:84137382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274274)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274274/; classtype:trojan-activity;sid:84137374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274278)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274278/; classtype:trojan-activity;sid:84137378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274246)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274246/; classtype:trojan-activity;sid:84137346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274249)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274249/; classtype:trojan-activity;sid:84137349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274250)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274250/; classtype:trojan-activity;sid:84137350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274252)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274252/; classtype:trojan-activity;sid:84137352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274254)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274254/; classtype:trojan-activity;sid:84137354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274270)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274270/; classtype:trojan-activity;sid:84137370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.91.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274201/; classtype:trojan-activity;sid:84137301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274064)"; flow:established,from_client; content:"GET"; http_method; content:"/borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274064/; classtype:trojan-activity;sid:84137164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274049)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/main/spoofy.sys"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274049/; classtype:trojan-activity;sid:84137149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274046)"; flow:established,from_client; content:"GET"; http_method; content:"/skarsys/assaultcubecheat/main/spoofy.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274046/; classtype:trojan-activity;sid:84137146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274047)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/refs/heads/main/spoofy.sys"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274047/; classtype:trojan-activity;sid:84137147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274048)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/refs/heads/main/spoofy.sys"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274048/; classtype:trojan-activity;sid:84137148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274003)"; flow:established,from_client; content:"GET"; http_method; content:"/b.pdf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"louise-monitors-mo-rating.trycloudflare.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274003/; classtype:trojan-activity;sid:84137103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274004)"; flow:established,from_client; content:"GET"; http_method; content:"/a.pdf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"louise-monitors-mo-rating.trycloudflare.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274004/; classtype:trojan-activity;sid:84137104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274000)"; flow:established,from_client; content:"GET"; http_method; content:"/june--pdf12.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"louise-monitors-mo-rating.trycloudflare.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274000/; classtype:trojan-activity;sid:84137100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274001)"; flow:established,from_client; content:"GET"; http_method; content:"/june--pdf11.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"louise-monitors-mo-rating.trycloudflare.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274001/; classtype:trojan-activity;sid:84137101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274002)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274002/; classtype:trojan-activity;sid:84137102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273981)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273981/; classtype:trojan-activity;sid:84137081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273982)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273982/; classtype:trojan-activity;sid:84137082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273983)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273983/; classtype:trojan-activity;sid:84137083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273984)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273984/; classtype:trojan-activity;sid:84137084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273986)"; flow:established,from_client; content:"GET"; http_method; content:"/june--pdf12.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"louise-monitors-mo-rating.trycloudflare.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273986/; classtype:trojan-activity;sid:84137086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273987)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273987/; classtype:trojan-activity;sid:84137087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273988)"; flow:established,from_client; content:"GET"; http_method; content:"/man.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"louise-monitors-mo-rating.trycloudflare.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273988/; classtype:trojan-activity;sid:84137088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273989)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273989/; classtype:trojan-activity;sid:84137089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273990)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273990/; classtype:trojan-activity;sid:84137090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273991)"; flow:established,from_client; content:"GET"; http_method; content:"/june--pdf11.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"louise-monitors-mo-rating.trycloudflare.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273991/; classtype:trojan-activity;sid:84137091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273994)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273994/; classtype:trojan-activity;sid:84137094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273995)"; flow:established,from_client; content:"GET"; http_method; content:"/man.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"louise-monitors-mo-rating.trycloudflare.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273995/; classtype:trojan-activity;sid:84137095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273996)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273996/; classtype:trojan-activity;sid:84137096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273997)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273997/; classtype:trojan-activity;sid:84137097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273998)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273998/; classtype:trojan-activity;sid:84137098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273999)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273999/; classtype:trojan-activity;sid:84137099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.13.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273967/; classtype:trojan-activity;sid:84137067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273949)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273949/; classtype:trojan-activity;sid:84137049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273941)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273941/; classtype:trojan-activity;sid:84137041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273940)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"134.122.170.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273940/; classtype:trojan-activity;sid:84137040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273934)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/ktyhpldea.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273934/; classtype:trojan-activity;sid:84137034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273935)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ad/main/gestor%20de%20pedidos.apk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273935/; classtype:trojan-activity;sid:84137035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273936)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/-pril/refs/heads/main/pothjadwtrgh.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273936/; classtype:trojan-activity;sid:84137036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273937)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ae/main/ready.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273937/; classtype:trojan-activity;sid:84137037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273921)"; flow:established,from_client; content:"GET"; http_method; content:"/.shell"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273921/; classtype:trojan-activity;sid:84137021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273922)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mirailover.ddns.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273922/; classtype:trojan-activity;sid:84137022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273923)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mirailover.ddns.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273923/; classtype:trojan-activity;sid:84137023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273924)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mirailover.ddns.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273924/; classtype:trojan-activity;sid:84137024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273925)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/ptihjawdthas.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273925/; classtype:trojan-activity;sid:84137025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273926)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mirailover.ddns.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273926/; classtype:trojan-activity;sid:84137026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273927)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/njrtdhadawt.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273927/; classtype:trojan-activity;sid:84137027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273928)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ad/main/bb.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273928/; classtype:trojan-activity;sid:84137028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273930)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"download-winsdownload-wins.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273930/; classtype:trojan-activity;sid:84137030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273931)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ad/main/ready.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273931/; classtype:trojan-activity;sid:84137031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273933)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/-pril/raw/refs/heads/main/pothjadwtrgh.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273933/; classtype:trojan-activity;sid:84137033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273911)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273911/; classtype:trojan-activity;sid:84137011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273912)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273912/; classtype:trojan-activity;sid:84137012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273913)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273913/; classtype:trojan-activity;sid:84137013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273914)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273914/; classtype:trojan-activity;sid:84137014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273915)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273915/; classtype:trojan-activity;sid:84137015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273916)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mirailover.ddns.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273916/; classtype:trojan-activity;sid:84137016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273917)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mirailover.ddns.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273917/; classtype:trojan-activity;sid:84137017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273918)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mirailover.ddns.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273918/; classtype:trojan-activity;sid:84137018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273919)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mirailover.ddns.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273919/; classtype:trojan-activity;sid:84137019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273920)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mirailover.ddns.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273920/; classtype:trojan-activity;sid:84137020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273907)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273907/; classtype:trojan-activity;sid:84137007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273908)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273908/; classtype:trojan-activity;sid:84137008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273909)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273909/; classtype:trojan-activity;sid:84137009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273910)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mirailover.ddns.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273910/; classtype:trojan-activity;sid:84137010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273904)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mirailover.ddns.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273904/; classtype:trojan-activity;sid:84137004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273906)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273906/; classtype:trojan-activity;sid:84137006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273903)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273903/; classtype:trojan-activity;sid:84137003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273898)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273898/; classtype:trojan-activity;sid:84136998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273887)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mirailover.ddns.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273887/; classtype:trojan-activity;sid:84136987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273888)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273888/; classtype:trojan-activity;sid:84136988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273889)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273889/; classtype:trojan-activity;sid:84136989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273890)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mirailover.ddns.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273890/; classtype:trojan-activity;sid:84136990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273891)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mirailover.ddns.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273891/; classtype:trojan-activity;sid:84136991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273871)"; flow:established,from_client; content:"GET"; http_method; content:"/masjesuscan"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273871/; classtype:trojan-activity;sid:84136971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273869)"; flow:established,from_client; content:"GET"; http_method; content:"/scan.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"216.126.231.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273869/; classtype:trojan-activity;sid:84136969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273868)"; flow:established,from_client; content:"GET"; http_method; content:"/download/telegram.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"telegramcn.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273868/; classtype:trojan-activity;sid:84136968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273841)"; flow:established,from_client; content:"GET"; http_method; content:"/files/telegram.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"telegram-app.vip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273841/; classtype:trojan-activity;sid:84136941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.237.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273685/; classtype:trojan-activity;sid:84136785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273651)"; flow:established,from_client; content:"GET"; http_method; content:"/newofff.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273651/; classtype:trojan-activity;sid:84136751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273648)"; flow:established,from_client; content:"GET"; http_method; content:"/office2024.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273648/; classtype:trojan-activity;sid:84136748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273646)"; flow:established,from_client; content:"GET"; http_method; content:"/exbuild.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273646/; classtype:trojan-activity;sid:84136746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273645)"; flow:established,from_client; content:"GET"; http_method; content:"/nework.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273645/; classtype:trojan-activity;sid:84136745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273634)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudappsoftware/vsc/downloads/glitchclipper.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273634/; classtype:trojan-activity;sid:84136734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273635)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudappsoftware/vsc/downloads/tenderque_nopump.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273635/; classtype:trojan-activity;sid:84136735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273621)"; flow:established,from_client; content:"GET"; http_method; content:"/stail.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273621/; classtype:trojan-activity;sid:84136721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273412)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build555.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273412/; classtype:trojan-activity;sid:84136512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273410)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/psfei0ez.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273410/; classtype:trojan-activity;sid:84136510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273411)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ldqj18tn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273411/; classtype:trojan-activity;sid:84136511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273408)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ldqj18tn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273408/; classtype:trojan-activity;sid:84136508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273406)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build555.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273406/; classtype:trojan-activity;sid:84136506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273407)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/psfei0ez.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273407/; classtype:trojan-activity;sid:84136507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273402)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hashed.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273402/; classtype:trojan-activity;sid:84136502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273403)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/installer.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273403/; classtype:trojan-activity;sid:84136503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273401)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/shopfree.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273401/; classtype:trojan-activity;sid:84136501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273400)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/blackload.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273400/; classtype:trojan-activity;sid:84136500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273398)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build11.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273398/; classtype:trojan-activity;sid:84136498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273399)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/j86piuq9.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273399/; classtype:trojan-activity;sid:84136499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273397)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273397/; classtype:trojan-activity;sid:84136497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273395)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/loadnew.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273395/; classtype:trojan-activity;sid:84136495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273396)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/probnik.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273396/; classtype:trojan-activity;sid:84136496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273394)"; flow:established,from_client; content:"GET"; http_method; content:"/off/random.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273394/; classtype:trojan-activity;sid:84136494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273393)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lgendpremium.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273393/; classtype:trojan-activity;sid:84136493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273391)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273391/; classtype:trojan-activity;sid:84136491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273392)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5gevcp8z.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273392/; classtype:trojan-activity;sid:84136492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273389)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/0b44ippu.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273389/; classtype:trojan-activity;sid:84136489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273390)"; flow:established,from_client; content:"GET"; http_method; content:"/store/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273390/; classtype:trojan-activity;sid:84136490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273386)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273386/; classtype:trojan-activity;sid:84136486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273387)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winrarinstall.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273387/; classtype:trojan-activity;sid:84136487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273388)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummetc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273388/; classtype:trojan-activity;sid:84136488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273384)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/new_v8.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273384/; classtype:trojan-activity;sid:84136484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273385)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dsds.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273385/; classtype:trojan-activity;sid:84136485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273382)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ufw.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273382/; classtype:trojan-activity;sid:84136482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273383)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/divinedialogue.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273383/; classtype:trojan-activity;sid:84136483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273378)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/yxrd0ob7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273378/; classtype:trojan-activity;sid:84136478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273379)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/legas.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273379/; classtype:trojan-activity;sid:84136479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273380)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hhnjqu9y.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273380/; classtype:trojan-activity;sid:84136480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273381)"; flow:established,from_client; content:"GET"; http_method; content:"/off/def.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273381/; classtype:trojan-activity;sid:84136481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273375)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/final.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273375/; classtype:trojan-activity;sid:84136475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273376)"; flow:established,from_client; content:"GET"; http_method; content:"/coreopt/plugins/clip.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273376/; classtype:trojan-activity;sid:84136476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273377)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac222222.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273377/; classtype:trojan-activity;sid:84136477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273374)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/amadeus.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273374/; classtype:trojan-activity;sid:84136474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273372)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273372/; classtype:trojan-activity;sid:84136472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273373)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/deliciouspart.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273373/; classtype:trojan-activity;sid:84136473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273371)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rdx123456.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273371/; classtype:trojan-activity;sid:84136471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273369)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bildnewl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273369/; classtype:trojan-activity;sid:84136469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273370)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/h5a71wdy.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273370/; classtype:trojan-activity;sid:84136470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273368)"; flow:established,from_client; content:"GET"; http_method; content:"/lumma/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273368/; classtype:trojan-activity;sid:84136468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273367)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/torque.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273367/; classtype:trojan-activity;sid:84136467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273365)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/tn8cdkzn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273365/; classtype:trojan-activity;sid:84136465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273366)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ewpeloxttug.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273366/; classtype:trojan-activity;sid:84136466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273364)"; flow:established,from_client; content:"GET"; http_method; content:"/coreopt/plugins/cred64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273364/; classtype:trojan-activity;sid:84136464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273362)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/prem1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273362/; classtype:trojan-activity;sid:84136462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273363)"; flow:established,from_client; content:"GET"; http_method; content:"/luma/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273363/; classtype:trojan-activity;sid:84136463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273359)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/diff.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273359/; classtype:trojan-activity;sid:84136459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273360)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winx86.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273360/; classtype:trojan-activity;sid:84136460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273361)"; flow:established,from_client; content:"GET"; http_method; content:"/soka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273361/; classtype:trojan-activity;sid:84136461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273357)"; flow:established,from_client; content:"GET"; http_method; content:"/coreopt/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273357/; classtype:trojan-activity;sid:84136457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273358)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/onlysteal.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273358/; classtype:trojan-activity;sid:84136458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273355)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kp8dnpa9.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273355/; classtype:trojan-activity;sid:84136455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273356)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/splwow64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273356/; classtype:trojan-activity;sid:84136456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273353)"; flow:established,from_client; content:"GET"; http_method; content:"/store/vidar.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273353/; classtype:trojan-activity;sid:84136453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273354)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/unison.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273354/; classtype:trojan-activity;sid:84136454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273352)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cvimelugfq.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273352/; classtype:trojan-activity;sid:84136452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273351)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/completestudio.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273351/; classtype:trojan-activity;sid:84136451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273348)"; flow:established,from_client; content:"GET"; http_method; content:"/test/num.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273348/; classtype:trojan-activity;sid:84136448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273349)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newbundle2.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273349/; classtype:trojan-activity;sid:84136449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273350)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pkcontent.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273350/; classtype:trojan-activity;sid:84136450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273346)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zts.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273346/; classtype:trojan-activity;sid:84136446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273347)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/softina.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273347/; classtype:trojan-activity;sid:84136447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273342)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ai2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273342/; classtype:trojan-activity;sid:84136442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273343)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/loader_5879465914.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273343/; classtype:trojan-activity;sid:84136443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273344)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/exclude.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273344/; classtype:trojan-activity;sid:84136444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273345)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/octus.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273345/; classtype:trojan-activity;sid:84136445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273341)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bwapp.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273341/; classtype:trojan-activity;sid:84136441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273340)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/neonn.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273340/; classtype:trojan-activity;sid:84136440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273339)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vidsusername.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273339/; classtype:trojan-activity;sid:84136439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273338)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ewrvuh.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273338/; classtype:trojan-activity;sid:84136438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273337)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/installeraus.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273337/; classtype:trojan-activity;sid:84136437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273335)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ubi-inst.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273335/; classtype:trojan-activity;sid:84136435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273336)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273336/; classtype:trojan-activity;sid:84136436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273333)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/utility-inst.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273333/; classtype:trojan-activity;sid:84136433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273334)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gold1234.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273334/; classtype:trojan-activity;sid:84136434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273327)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup8.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273327/; classtype:trojan-activity;sid:84136427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273328)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/def.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273328/; classtype:trojan-activity;sid:84136428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273329)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rstxdhuj.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273329/; classtype:trojan-activity;sid:84136429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273330)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xyaw4fkp.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273330/; classtype:trojan-activity;sid:84136430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273331)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/controlledaccesspoint.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273331/; classtype:trojan-activity;sid:84136431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273332)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/chicken123.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273332/; classtype:trojan-activity;sid:84136432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273319)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/windowsexecutable.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273319/; classtype:trojan-activity;sid:84136419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273320)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted25.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273320/; classtype:trojan-activity;sid:84136420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273321)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/splwow64_1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273321/; classtype:trojan-activity;sid:84136421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273322)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/q1wnx5ir.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273322/; classtype:trojan-activity;sid:84136422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273324)"; flow:established,from_client; content:"GET"; http_method; content:"/coreopt/plugins/clip64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273324/; classtype:trojan-activity;sid:84136424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273325)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/singerjudy.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273325/; classtype:trojan-activity;sid:84136425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273326)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/processclass.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273326/; classtype:trojan-activity;sid:84136426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273314)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/123.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273314/; classtype:trojan-activity;sid:84136414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273315)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mk.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273315/; classtype:trojan-activity;sid:84136415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273316)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newbundle.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273316/; classtype:trojan-activity;sid:84136416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273317)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zzz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273317/; classtype:trojan-activity;sid:84136417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273318)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/unit.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273318/; classtype:trojan-activity;sid:84136418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273313)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/noll.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273313/; classtype:trojan-activity;sid:84136413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273308)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/87f3f2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273308/; classtype:trojan-activity;sid:84136408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273309)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/v7wa24td.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273309/; classtype:trojan-activity;sid:84136409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273310)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kiyan.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273310/; classtype:trojan-activity;sid:84136410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273311)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cccc2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273311/; classtype:trojan-activity;sid:84136411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273312)"; flow:established,from_client; content:"GET"; http_method; content:"/test/do.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273312/; classtype:trojan-activity;sid:84136412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.188.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273295/; classtype:trojan-activity;sid:84136395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.82.227.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273249/; classtype:trojan-activity;sid:84136349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"98.233.5.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273192/; classtype:trojan-activity;sid:84136292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.235.163.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273176/; classtype:trojan-activity;sid:84136276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273161)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hhnjqu9y.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273161/; classtype:trojan-activity;sid:84136261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273148)"; flow:established,from_client; content:"GET"; http_method; content:"/store/vidar.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273148/; classtype:trojan-activity;sid:84136248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273145)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lespim"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273145/; classtype:trojan-activity;sid:84136245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273146)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k86m"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273146/; classtype:trojan-activity;sid:84136246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273143)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/686i"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273143/; classtype:trojan-activity;sid:84136243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273144)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spim"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273144/; classtype:trojan-activity;sid:84136244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273131)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273131/; classtype:trojan-activity;sid:84136231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.248.13.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273108/; classtype:trojan-activity;sid:84136208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.13.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273059/; classtype:trojan-activity;sid:84136159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.6.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272954/; classtype:trojan-activity;sid:84136054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.6.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272920/; classtype:trojan-activity;sid:84136020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.3.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272906/; classtype:trojan-activity;sid:84136006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.158.161.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272682/; classtype:trojan-activity;sid:84135782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272559)"; flow:established,from_client; content:"GET"; http_method; content:"/index.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hoteltoscanaplaza.com.co"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272559/; classtype:trojan-activity;sid:84135659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272555)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/atendimento.pdf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hoteltoscanaplaza.com.co"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272555/; classtype:trojan-activity;sid:84135655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272448)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/team.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272448/; classtype:trojan-activity;sid:84135548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272447)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/authenticator222.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272447/; classtype:trojan-activity;sid:84135547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272446)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identification.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272446/; classtype:trojan-activity;sid:84135546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272445)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1111.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272445/; classtype:trojan-activity;sid:84135545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272443)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dtrade_v1.3.6.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272443/; classtype:trojan-activity;sid:84135543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272444)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/postbox.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272444/; classtype:trojan-activity;sid:84135544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272442)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bitcoincore.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272442/; classtype:trojan-activity;sid:84135542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272441)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identification-1.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272441/; classtype:trojan-activity;sid:84135541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272440)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/indentif.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272440/; classtype:trojan-activity;sid:84135540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272439)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/authenticator.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272439/; classtype:trojan-activity;sid:84135539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272438)"; flow:established,from_client; content:"GET"; http_method; content:"/thanksforusingourwebsite/serv/downloads/statement-110122025.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272438/; classtype:trojan-activity;sid:84135538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272437)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gift-info.lmg.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272437/; classtype:trojan-activity;sid:84135537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272436)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/main.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272436/; classtype:trojan-activity;sid:84135536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272435)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272435/; classtype:trojan-activity;sid:84135535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272433)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clcs.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272433/; classtype:trojan-activity;sid:84135533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272434)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyl64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272434/; classtype:trojan-activity;sid:84135534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272432)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/installer.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272432/; classtype:trojan-activity;sid:84135532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272430)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/8.11.9-windows.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272430/; classtype:trojan-activity;sid:84135530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272431)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identifications.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272431/; classtype:trojan-activity;sid:84135531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272428)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pctoccurred.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272428/; classtype:trojan-activity;sid:84135528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272427)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cudo.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272427/; classtype:trojan-activity;sid:84135527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272425)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272425/; classtype:trojan-activity;sid:84135525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272424)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5447jsx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272424/; classtype:trojan-activity;sid:84135524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272423)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kill.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272423/; classtype:trojan-activity;sid:84135523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272421)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/anticheat.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272421/; classtype:trojan-activity;sid:84135521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272422)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mobiletrans.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272422/; classtype:trojan-activity;sid:84135522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272419)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/coreplugin.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272419/; classtype:trojan-activity;sid:84135519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272420)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dcratbuild.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272420/; classtype:trojan-activity;sid:84135520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272418)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/whiteheroin.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272418/; classtype:trojan-activity;sid:84135518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272417)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/nano.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272417/; classtype:trojan-activity;sid:84135517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272416)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/considerablewinners.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272416/; classtype:trojan-activity;sid:84135516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272414)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyld64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272414/; classtype:trojan-activity;sid:84135514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272412)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vn70wvxw.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272412/; classtype:trojan-activity;sid:84135512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272413)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/yoyf.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272413/; classtype:trojan-activity;sid:84135513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272411)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272411/; classtype:trojan-activity;sid:84135511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272408)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/systems.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272408/; classtype:trojan-activity;sid:84135508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272405)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svchost.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272405/; classtype:trojan-activity;sid:84135505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272406)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/univ.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272406/; classtype:trojan-activity;sid:84135506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272401)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhosts.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272401/; classtype:trojan-activity;sid:84135501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272403)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/penis.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272403/; classtype:trojan-activity;sid:84135503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272404)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/operation6572.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272404/; classtype:trojan-activity;sid:84135504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272399)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/frap.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272399/; classtype:trojan-activity;sid:84135499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272400)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/splwow64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272400/; classtype:trojan-activity;sid:84135500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272398)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rms1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272398/; classtype:trojan-activity;sid:84135498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272397)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/edge.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272397/; classtype:trojan-activity;sid:84135497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272394)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mepaxil.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272394/; classtype:trojan-activity;sid:84135494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272395)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/armadegon.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272395/; classtype:trojan-activity;sid:84135495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272393)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pimer_bbbcontents7.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272393/; classtype:trojan-activity;sid:84135493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272392)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zzzz1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272392/; classtype:trojan-activity;sid:84135492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272390)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ven_protected.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272390/; classtype:trojan-activity;sid:84135490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272391)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/test.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272391/; classtype:trojan-activity;sid:84135491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272389)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rage.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272389/; classtype:trojan-activity;sid:84135489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272387)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_default.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272387/; classtype:trojan-activity;sid:84135487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272388)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/buildred.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272388/; classtype:trojan-activity;sid:84135488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272386)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build11.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272386/; classtype:trojan-activity;sid:84135486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272384)"; flow:established,from_client; content:"GET"; http_method; content:"/lee.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272384/; classtype:trojan-activity;sid:84135484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272385)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/install2.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272385/; classtype:trojan-activity;sid:84135485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272383)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/s%d0%b5tup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272383/; classtype:trojan-activity;sid:84135483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272380)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hvnc1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272380/; classtype:trojan-activity;sid:84135480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272378)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/windowsui.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272378/; classtype:trojan-activity;sid:84135478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272377)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhostc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272377/; classtype:trojan-activity;sid:84135477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272376)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/channel1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272376/; classtype:trojan-activity;sid:84135476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272375)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/client.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272375/; classtype:trojan-activity;sid:84135475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272374)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/firefox.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272374/; classtype:trojan-activity;sid:84135474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272373)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vlst.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272373/; classtype:trojan-activity;sid:84135473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272371)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ghost_0x000263826b9a9b91.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272371/; classtype:trojan-activity;sid:84135471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272370)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/robotic.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272370/; classtype:trojan-activity;sid:84135470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272368)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/23c2343.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272368/; classtype:trojan-activity;sid:84135468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272369)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/decryptjohn.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272369/; classtype:trojan-activity;sid:84135469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272367)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ukodbcdcl.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272367/; classtype:trojan-activity;sid:84135467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272364)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/resex.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272364/; classtype:trojan-activity;sid:84135464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272365)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/launcher.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272365/; classtype:trojan-activity;sid:84135465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272363)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5_6190317556063017550.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272363/; classtype:trojan-activity;sid:84135463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272361)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clip.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272361/; classtype:trojan-activity;sid:84135461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272362)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/taskhost.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272362/; classtype:trojan-activity;sid:84135462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272359)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/golden.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272359/; classtype:trojan-activity;sid:84135459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272358)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypteda.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272358/; classtype:trojan-activity;sid:84135458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272356)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxl.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272356/; classtype:trojan-activity;sid:84135456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272355)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/meta.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272355/; classtype:trojan-activity;sid:84135455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272353)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/drchoe.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272353/; classtype:trojan-activity;sid:84135453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272352)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272352/; classtype:trojan-activity;sid:84135452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272350)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pharmaciesdetection.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272350/; classtype:trojan-activity;sid:84135450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272351)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/soft.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272351/; classtype:trojan-activity;sid:84135451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272348)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/worker.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272348/; classtype:trojan-activity;sid:84135448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272349)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac2.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272349/; classtype:trojan-activity;sid:84135449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272346)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qqq.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272346/; classtype:trojan-activity;sid:84135446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272347)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/t3.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272347/; classtype:trojan-activity;sid:84135447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272345)"; flow:established,from_client; content:"GET"; http_method; content:"/thanksforusingourwebsite/serv/downloads/statement-415322024.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272345/; classtype:trojan-activity;sid:84135445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272344)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/s%d0%b5tu%d1%80111.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272344/; classtype:trojan-activity;sid:84135444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272342)"; flow:established,from_client; content:"GET"; http_method; content:"/thanksforusingourwebsite/serv/downloads/statement-415322025.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272342/; classtype:trojan-activity;sid:84135442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272343)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xt.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272343/; classtype:trojan-activity;sid:84135443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272340)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-27_00-41.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272340/; classtype:trojan-activity;sid:84135440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272341)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3546345.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272341/; classtype:trojan-activity;sid:84135441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272339)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/needmoney.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272339/; classtype:trojan-activity;sid:84135439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272337)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pered.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272337/; classtype:trojan-activity;sid:84135437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272336)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dos.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272336/; classtype:trojan-activity;sid:84135436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272335)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/runtime.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272335/; classtype:trojan-activity;sid:84135435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272333)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac22222.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272333/; classtype:trojan-activity;sid:84135433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272334)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/contorax.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272334/; classtype:trojan-activity;sid:84135434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272332)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/survox.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272332/; classtype:trojan-activity;sid:84135432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272330)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ovrflw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272330/; classtype:trojan-activity;sid:84135430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272331)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cookie250.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272331/; classtype:trojan-activity;sid:84135431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272328)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/opdxdyeul.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272328/; classtype:trojan-activity;sid:84135428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272327)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/out_test_sig.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272327/; classtype:trojan-activity;sid:84135427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272323)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/06082025.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272323/; classtype:trojan-activity;sid:84135423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272322)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/12.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272322/; classtype:trojan-activity;sid:84135422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272321)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/freedom.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272321/; classtype:trojan-activity;sid:84135421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272320)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/25072023.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272320/; classtype:trojan-activity;sid:84135420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272318)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/baddstore.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272318/; classtype:trojan-activity;sid:84135418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272315)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/set-up.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272315/; classtype:trojan-activity;sid:84135415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272313)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272313/; classtype:trojan-activity;sid:84135413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272314)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/microsoft.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272314/; classtype:trojan-activity;sid:84135414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272312)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/js.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272312/; classtype:trojan-activity;sid:84135412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272310)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/doc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272310/; classtype:trojan-activity;sid:84135410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272311)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/out.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272311/; classtype:trojan-activity;sid:84135411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272308)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/file1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272308/; classtype:trojan-activity;sid:84135408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272306)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/channel.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272306/; classtype:trojan-activity;sid:84135406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272307)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/armanivenntii_crypted_easy.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272307/; classtype:trojan-activity;sid:84135407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272302)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zxcv.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272302/; classtype:trojan-activity;sid:84135402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272304)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/file.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272304/; classtype:trojan-activity;sid:84135404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272305)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/googleupdate.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272305/; classtype:trojan-activity;sid:84135405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272301)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vhpcde.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272301/; classtype:trojan-activity;sid:84135401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272300)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kitty.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272300/; classtype:trojan-activity;sid:84135400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272297)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gawdth.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272297/; classtype:trojan-activity;sid:84135397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272296)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/surfex.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272296/; classtype:trojan-activity;sid:84135396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272293)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/explorer.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272293/; classtype:trojan-activity;sid:84135393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272294)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyld611114.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272294/; classtype:trojan-activity;sid:84135394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272291)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newfile.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272291/; classtype:trojan-activity;sid:84135391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272289)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted8888.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272289/; classtype:trojan-activity;sid:84135389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272287)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272287/; classtype:trojan-activity;sid:84135387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272284)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/300.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272284/; classtype:trojan-activity;sid:84135384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272285)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/creal.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272285/; classtype:trojan-activity;sid:84135385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272281)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/scheduledllama.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272281/; classtype:trojan-activity;sid:84135381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272282)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/new1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272282/; classtype:trojan-activity;sid:84135382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272277)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cc2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272277/; classtype:trojan-activity;sid:84135377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272278)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jsawdtyjde.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272278/; classtype:trojan-activity;sid:84135378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272279)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/uhigdbf.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272279/; classtype:trojan-activity;sid:84135379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272280)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5_6253708004881862888.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272280/; classtype:trojan-activity;sid:84135380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272276)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build9.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272276/; classtype:trojan-activity;sid:84135376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272272)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cbmefxrmnv.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272272/; classtype:trojan-activity;sid:84135372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272271)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272271/; classtype:trojan-activity;sid:84135371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272267)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3544436.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272267/; classtype:trojan-activity;sid:84135367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272268)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/broadcom5.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272268/; classtype:trojan-activity;sid:84135368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272270)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_valenciga.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272270/; classtype:trojan-activity;sid:84135370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272266)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/neon.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272266/; classtype:trojan-activity;sid:84135366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272264)"; flow:established,from_client; content:"GET"; http_method; content:"/gopal4/twerrweteryw/downloads/hjdfgkh.jpg"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272264/; classtype:trojan-activity;sid:84135364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272261)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rorukal.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272261/; classtype:trojan-activity;sid:84135361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272262)"; flow:established,from_client; content:"GET"; http_method; content:"/we.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272262/; classtype:trojan-activity;sid:84135362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272263)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_default2.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272263/; classtype:trojan-activity;sid:84135363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272260)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/annesalt.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272260/; classtype:trojan-activity;sid:84135360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272258)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummnew.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272258/; classtype:trojan-activity;sid:84135358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272259)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/influencednervous.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272259/; classtype:trojan-activity;sid:84135359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272257)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/client_protected.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272257/; classtype:trojan-activity;sid:84135357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272256)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pichon.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272256/; classtype:trojan-activity;sid:84135356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272253)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bandwidth_monitor.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272253/; classtype:trojan-activity;sid:84135353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272254)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/morphic.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272254/; classtype:trojan-activity;sid:84135354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272251)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272251/; classtype:trojan-activity;sid:84135351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272249)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/14082024.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272249/; classtype:trojan-activity;sid:84135349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272250)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/battlegermany.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272250/; classtype:trojan-activity;sid:84135350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272248)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/diskutility.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272248/; classtype:trojan-activity;sid:84135348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272246)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/soft2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272246/; classtype:trojan-activity;sid:84135346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272247)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/amadey.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272247/; classtype:trojan-activity;sid:84135347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272243)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5knchalah.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272243/; classtype:trojan-activity;sid:84135343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272244)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/semiconductornot.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272244/; classtype:trojan-activity;sid:84135344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272242)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/onedrive.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272242/; classtype:trojan-activity;sid:84135342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272240)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4434.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272240/; classtype:trojan-activity;sid:84135340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272241)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bundle.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272241/; classtype:trojan-activity;sid:84135341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272237)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mynewrdx.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272237/; classtype:trojan-activity;sid:84135337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272239)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winn.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272239/; classtype:trojan-activity;sid:84135339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272233)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/343dsxs.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272233/; classtype:trojan-activity;sid:84135333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272231)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-25_20-56.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272231/; classtype:trojan-activity;sid:84135331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272232)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4ck3rr.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272232/; classtype:trojan-activity;sid:84135332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272228)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272228/; classtype:trojan-activity;sid:84135328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272229)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cnyvvl.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272229/; classtype:trojan-activity;sid:84135329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272226)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cclent.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272226/; classtype:trojan-activity;sid:84135326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272225)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dccrypt.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272225/; classtype:trojan-activity;sid:84135325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272224)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/major.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272224/; classtype:trojan-activity;sid:84135324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272222)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/server.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272222/; classtype:trojan-activity;sid:84135322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272223)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cvv.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272223/; classtype:trojan-activity;sid:84135323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272216)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/seo.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272216/; classtype:trojan-activity;sid:84135316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272217)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/redsystem.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272217/; classtype:trojan-activity;sid:84135317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272218)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/msedge.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272218/; classtype:trojan-activity;sid:84135318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272219)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/purlog.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272219/; classtype:trojan-activity;sid:84135319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272220)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gsprout.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272220/; classtype:trojan-activity;sid:84135320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272221)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mswgoudnv.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272221/; classtype:trojan-activity;sid:84135321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272212)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/30072024.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272212/; classtype:trojan-activity;sid:84135312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272213)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clsid.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272213/; classtype:trojan-activity;sid:84135313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272214)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xclient_protected.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272214/; classtype:trojan-activity;sid:84135314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272215)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-24_23-16.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272215/; classtype:trojan-activity;sid:84135315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272210)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/request.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272210/; classtype:trojan-activity;sid:84135310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272211)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxxx.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272211/; classtype:trojan-activity;sid:84135311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272207)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/123.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272207/; classtype:trojan-activity;sid:84135307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272208)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stub.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272208/; classtype:trojan-activity;sid:84135308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272209)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gold.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272209/; classtype:trojan-activity;sid:84135309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272198)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gagagggagagag.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272198/; classtype:trojan-activity;sid:84135298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272200)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/consoleapp3.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272200/; classtype:trojan-activity;sid:84135300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272202)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xm.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272202/; classtype:trojan-activity;sid:84135302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272203)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vidar.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272203/; classtype:trojan-activity;sid:84135303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272204)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_daval.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272204/; classtype:trojan-activity;sid:84135304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272205)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/northsperm.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272205/; classtype:trojan-activity;sid:84135305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272196)"; flow:established,from_client; content:"GET"; http_method; content:"/gopal4/twerrweteryw/downloads/myimge.jpg|3f|14441723"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272196/; classtype:trojan-activity;sid:84135296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272197)"; flow:established,from_client; content:"GET"; http_method; content:"/gopal4/twerrweteryw/downloads/myimge.jpg|3f|13441721"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272197/; classtype:trojan-activity;sid:84135297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272091)"; flow:established,from_client; content:"GET"; http_method; content:"/marcin2123/jjsploit/raw/refs/heads/main/jjsploit_8.10.7_x64-setup.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272091/; classtype:trojan-activity;sid:84135191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272092)"; flow:established,from_client; content:"GET"; http_method; content:"/ordogos2/g575/releases/download/download/setup.7.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272092/; classtype:trojan-activity;sid:84135192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272093)"; flow:established,from_client; content:"GET"; http_method; content:"/kookspook24/ovix-gta-5-mod-menu-updated/releases/download/ovix-mod-menu/launcher.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272093/; classtype:trojan-activity;sid:84135193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272094)"; flow:established,from_client; content:"GET"; http_method; content:"/marcin2123/jjsploit/refs/heads/main/jjsploit_8.10.7_x64-setup.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272094/; classtype:trojan-activity;sid:84135194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272090)"; flow:established,from_client; content:"GET"; http_method; content:"/marcin2123/jjsploit/refs/heads/main/file_jjsploit"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272090/; classtype:trojan-activity;sid:84135190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.233.5.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272019/; classtype:trojan-activity;sid:84135119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272016)"; flow:established,from_client; content:"GET"; http_method; content:"/system.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.197.69.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272016/; classtype:trojan-activity;sid:84135116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272015)"; flow:established,from_client; content:"GET"; http_method; content:"/zcc.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272015/; classtype:trojan-activity;sid:84135115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272008)"; flow:established,from_client; content:"GET"; http_method; content:"/c3pool7.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"c3poolbat.oss-accelerate.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272008/; classtype:trojan-activity;sid:84135108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272005)"; flow:established,from_client; content:"GET"; http_method; content:"/autoc3pool.bat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c3poolbat.oss-accelerate.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272005/; classtype:trojan-activity;sid:84135105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271922)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injector.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271922/; classtype:trojan-activity;sid:84135022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271923)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injectorold.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271923/; classtype:trojan-activity;sid:84135023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271924)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/driver.sys"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271924/; classtype:trojan-activity;sid:84135024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271925)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271925/; classtype:trojan-activity;sid:84135025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271919)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/ogfn%20updater.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271919/; classtype:trojan-activity;sid:84135019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271920)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/pclient.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271920/; classtype:trojan-activity;sid:84135020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271921)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/kdmapper_release.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271921/; classtype:trojan-activity;sid:84135021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271910)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm7/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271910/; classtype:trojan-activity;sid:84135010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271883)"; flow:established,from_client; content:"GET"; http_method; content:"/f.php|3f|h=1q-otf4a|7c|26|7c|d=1"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"soyjak.download"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271883/; classtype:trojan-activity;sid:84134983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271880)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/anzvlgkl.vdf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"municipiodomaio.cv"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271880/; classtype:trojan-activity;sid:84134980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271878)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/gkall.dat"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"municipiodomaio.cv"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271878/; classtype:trojan-activity;sid:84134978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271877)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/anzvlgkl.vdf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"municipiodomaio.cv"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271877/; classtype:trojan-activity;sid:84134977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271874)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/pkwihcjnew.dat"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"municipiodomaio.cv"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271874/; classtype:trojan-activity;sid:84134974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271875)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/byxhfqgpzkc.dat"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"municipiodomaio.cv"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271875/; classtype:trojan-activity;sid:84134975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271873)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/wdscn.vdf"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"municipiodomaio.cv"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271873/; classtype:trojan-activity;sid:84134973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271869)"; flow:established,from_client; content:"GET"; http_method; content:"/f.php|3f|h=2oadjzfo|7c|26|7c|p=1"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"soyjak.download"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271869/; classtype:trojan-activity;sid:84134969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271857)"; flow:established,from_client; content:"GET"; http_method; content:"/f.php|3f|h=3s4oce2r|7c|26|7c|d=1"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"soyjak.download"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271857/; classtype:trojan-activity;sid:84134957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271832)"; flow:established,from_client; content:"GET"; http_method; content:"/f.php|3f|h=1hgmygva|7c|26|7c|d=1"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"soyjak.download"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271832/; classtype:trojan-activity;sid:84134932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271827)"; flow:established,from_client; content:"GET"; http_method; content:"/f.php|3f|h=1rjot3of|7c|26|7c|d=1"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"soyjak.download"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271827/; classtype:trojan-activity;sid:84134927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271820)"; flow:established,from_client; content:"GET"; http_method; content:"/f.php|3f|h=1en-nmxf|7c|26|7c|d=1"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"soyjak.download"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271820/; classtype:trojan-activity;sid:84134920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271787)"; flow:established,from_client; content:"GET"; http_method; content:"/f.php|3f|h=1wjdqhl5|7c|26|7c|d=1"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"soyjak.download"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271787/; classtype:trojan-activity;sid:84134887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271756)"; flow:established,from_client; content:"GET"; http_method; content:"/f.php|3f|h=0q45fll6|7c|26|7c|d=1"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"soyjak.download"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271756/; classtype:trojan-activity;sid:84134856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271749)"; flow:established,from_client; content:"GET"; http_method; content:"/f.php|3f|h=16ajcfmn|7c|26|7c|p=1"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"soyjak.download"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271749/; classtype:trojan-activity;sid:84134849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271735)"; flow:established,from_client; content:"GET"; http_method; content:"/f.php|3f|h=0vmptzyx|7c|26|7c|d=1"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"soyjak.download"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271735/; classtype:trojan-activity;sid:84134835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271709)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/prg8btry"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271709/; classtype:trojan-activity;sid:84134809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271698)"; flow:established,from_client; content:"GET"; http_method; content:"/pubolupdate.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271698/; classtype:trojan-activity;sid:84134798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271696)"; flow:established,from_client; content:"GET"; http_method; content:"/qqnetbar.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271696/; classtype:trojan-activity;sid:84134796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271695)"; flow:established,from_client; content:"GET"; http_method; content:"/aida64.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271695/; classtype:trojan-activity;sid:84134795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271694)"; flow:established,from_client; content:"GET"; http_method; content:"/rlaz.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271694/; classtype:trojan-activity;sid:84134794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271693)"; flow:established,from_client; content:"GET"; http_method; content:"/checkypc.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271693/; classtype:trojan-activity;sid:84134793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271692)"; flow:established,from_client; content:"GET"; http_method; content:"/vc17x64.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271692/; classtype:trojan-activity;sid:84134792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271690)"; flow:established,from_client; content:"GET"; http_method; content:"/remotelyanywhere11.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271690/; classtype:trojan-activity;sid:84134790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271687)"; flow:established,from_client; content:"GET"; http_method; content:"/rlol.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271687/; classtype:trojan-activity;sid:84134787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271688)"; flow:established,from_client; content:"GET"; http_method; content:"/clean.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271688/; classtype:trojan-activity;sid:84134788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271686)"; flow:established,from_client; content:"GET"; http_method; content:"/qwsrv3.3.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271686/; classtype:trojan-activity;sid:84134786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271681)"; flow:established,from_client; content:"GET"; http_method; content:"/x210.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271681/; classtype:trojan-activity;sid:84134781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271682)"; flow:established,from_client; content:"GET"; http_method; content:"/kb2868626x64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271682/; classtype:trojan-activity;sid:84134782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271683)"; flow:established,from_client; content:"GET"; http_method; content:"/ydcx.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271683/; classtype:trojan-activity;sid:84134783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271684)"; flow:established,from_client; content:"GET"; http_method; content:"/smb.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271684/; classtype:trojan-activity;sid:84134784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271685)"; flow:established,from_client; content:"GET"; http_method; content:"/kb2808679x64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271685/; classtype:trojan-activity;sid:84134785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271678)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271678/; classtype:trojan-activity;sid:84134778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271679)"; flow:established,from_client; content:"GET"; http_method; content:"/rlpb15.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271679/; classtype:trojan-activity;sid:84134779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271680)"; flow:established,from_client; content:"GET"; http_method; content:"/hydkj.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271680/; classtype:trojan-activity;sid:84134780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271675)"; flow:established,from_client; content:"GET"; http_method; content:"/autoruns.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271675/; classtype:trojan-activity;sid:84134775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271676)"; flow:established,from_client; content:"GET"; http_method; content:"/xwwn.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271676/; classtype:trojan-activity;sid:84134776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271677)"; flow:established,from_client; content:"GET"; http_method; content:"/wbgjupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271677/; classtype:trojan-activity;sid:84134777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271674)"; flow:established,from_client; content:"GET"; http_method; content:"/sgn.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271674/; classtype:trojan-activity;sid:84134774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271673)"; flow:established,from_client; content:"GET"; http_method; content:"/cysoft/winrarx64521sc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271673/; classtype:trojan-activity;sid:84134773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271670)"; flow:established,from_client; content:"GET"; http_method; content:"/wgupdate.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271670/; classtype:trojan-activity;sid:84134770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271671)"; flow:established,from_client; content:"GET"; http_method; content:"/msbd.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271671/; classtype:trojan-activity;sid:84134771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271672)"; flow:established,from_client; content:"GET"; http_method; content:"/hdtune.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271672/; classtype:trojan-activity;sid:84134772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271669)"; flow:established,from_client; content:"GET"; http_method; content:"/fping.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ywxww.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271669/; classtype:trojan-activity;sid:84134769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271668)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271668/; classtype:trojan-activity;sid:84134768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271664)"; flow:established,from_client; content:"GET"; http_method; content:"/wblog.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271664/; classtype:trojan-activity;sid:84134764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271666)"; flow:established,from_client; content:"GET"; http_method; content:"/steam.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271666/; classtype:trojan-activity;sid:84134766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271661)"; flow:established,from_client; content:"GET"; http_method; content:"/xwwupdate.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271661/; classtype:trojan-activity;sid:84134761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271662)"; flow:established,from_client; content:"GET"; http_method; content:"/zwywupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ywxww.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271662/; classtype:trojan-activity;sid:84134762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271663)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271663/; classtype:trojan-activity;sid:84134763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271654)"; flow:established,from_client; content:"GET"; http_method; content:"/bxupdate.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271654/; classtype:trojan-activity;sid:84134754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271655)"; flow:established,from_client; content:"GET"; http_method; content:"/bxn.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271655/; classtype:trojan-activity;sid:84134755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271656)"; flow:established,from_client; content:"GET"; http_method; content:"/zwyw.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271656/; classtype:trojan-activity;sid:84134756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271657)"; flow:established,from_client; content:"GET"; http_method; content:"/sg.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271657/; classtype:trojan-activity;sid:84134757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271658)"; flow:established,from_client; content:"GET"; http_method; content:"/sgupdate.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271658/; classtype:trojan-activity;sid:84134758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271659)"; flow:established,from_client; content:"GET"; http_method; content:"/cpie.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271659/; classtype:trojan-activity;sid:84134759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271652)"; flow:established,from_client; content:"GET"; http_method; content:"/wgn.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271652/; classtype:trojan-activity;sid:84134752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271653)"; flow:established,from_client; content:"GET"; http_method; content:"/wljc.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271653/; classtype:trojan-activity;sid:84134753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271651)"; flow:established,from_client; content:"GET"; http_method; content:"/wbgjn.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271651/; classtype:trojan-activity;sid:84134751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271642)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271642/; classtype:trojan-activity;sid:84134742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271634)"; flow:established,from_client; content:"GET"; http_method; content:"/undertalanted/mod/refs/heads/main/svchost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271634/; classtype:trojan-activity;sid:84134734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271633)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271633/; classtype:trojan-activity;sid:84134733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271632)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a18qqq1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271632/; classtype:trojan-activity;sid:84134732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271630)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271630/; classtype:trojan-activity;sid:84134730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271631)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271631/; classtype:trojan-activity;sid:84134731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271626)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/tempspooferxx/raw/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271626/; classtype:trojan-activity;sid:84134726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271627)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/sigma-nonrat/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271627/; classtype:trojan-activity;sid:84134727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271628)"; flow:established,from_client; content:"GET"; http_method; content:"/furystorage/api/raw/main/svchost.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271628/; classtype:trojan-activity;sid:84134728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271629)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a15aaa1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271629/; classtype:trojan-activity;sid:84134729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271624)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271624/; classtype:trojan-activity;sid:84134724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271619)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"litexcheats.netlify.app"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271619/; classtype:trojan-activity;sid:84134719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271618)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"122.51.183.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271618/; classtype:trojan-activity;sid:84134718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271617)"; flow:established,from_client; content:"GET"; http_method; content:"/regolx1/hadb/refs/heads/main/svchost.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271617/; classtype:trojan-activity;sid:84134717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271616)"; flow:established,from_client; content:"GET"; http_method; content:"/2backside/stealercentral/refs/heads/main/svchost.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271616/; classtype:trojan-activity;sid:84134716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271615)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/main/client-built.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271615/; classtype:trojan-activity;sid:84134715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271614)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/main/svchost.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271614/; classtype:trojan-activity;sid:84134714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271612)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271612/; classtype:trojan-activity;sid:84134712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271613)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/sigma-nonrat/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271613/; classtype:trojan-activity;sid:84134713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271608)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/tempspooferxx/main/svchost.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271608/; classtype:trojan-activity;sid:84134708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271609)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/refs/heads/main/svchost.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271609/; classtype:trojan-activity;sid:84134709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271610)"; flow:established,from_client; content:"GET"; http_method; content:"/media/furystorage/api/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"media.githubusercontent.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271610/; classtype:trojan-activity;sid:84134710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271611)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/refs/heads/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271611/; classtype:trojan-activity;sid:84134711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271605)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271605/; classtype:trojan-activity;sid:84134705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271602)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271602/; classtype:trojan-activity;sid:84134702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271603)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271603/; classtype:trojan-activity;sid:84134703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271604)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a18qqq1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271604/; classtype:trojan-activity;sid:84134704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271601)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271601/; classtype:trojan-activity;sid:84134701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271599)"; flow:established,from_client; content:"GET"; http_method; content:"/user337666/brow666/raw/main/svchost.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271599/; classtype:trojan-activity;sid:84134699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271597)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/thomson101/releases/download/role/svchost.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271597/; classtype:trojan-activity;sid:84134697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271598)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a15aaa1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271598/; classtype:trojan-activity;sid:84134698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271591)"; flow:established,from_client; content:"GET"; http_method; content:"/furystorage/api/raw/main/svchost.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271591/; classtype:trojan-activity;sid:84134691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271592)"; flow:established,from_client; content:"GET"; http_method; content:"/692-ez/ratta/raw/refs/heads/main/svchost.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271592/; classtype:trojan-activity;sid:84134692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271593)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/raw/main/client-built.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271593/; classtype:trojan-activity;sid:84134693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271594)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271594/; classtype:trojan-activity;sid:84134694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271595)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/tempspooferxx/raw/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271595/; classtype:trojan-activity;sid:84134695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271596)"; flow:established,from_client; content:"GET"; http_method; content:"/heresfilly09-9/fornova/raw/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271596/; classtype:trojan-activity;sid:84134696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271585)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/raw/main/xclient.exe/"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271585/; classtype:trojan-activity;sid:84134685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271586)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/raw/main/svchost.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271586/; classtype:trojan-activity;sid:84134686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271587)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/raw/refs/heads/main/svchost.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271587/; classtype:trojan-activity;sid:84134687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271588)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/sigma-nonrat/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271588/; classtype:trojan-activity;sid:84134688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271589)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/sigma-nonrat/raw/main/svchost.exe/"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271589/; classtype:trojan-activity;sid:84134689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271590)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/raw/refs/heads/main/svchost.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271590/; classtype:trojan-activity;sid:84134690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271579)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/raw/refs/heads/main/nvidia.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271579/; classtype:trojan-activity;sid:84134679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.71.85.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271567/; classtype:trojan-activity;sid:84134667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.71.85.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271489/; classtype:trojan-activity;sid:84134589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.58.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271437/; classtype:trojan-activity;sid:84134537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271375)"; flow:established,from_client; content:"GET"; http_method; content:"/d00mt3l/xworm-5.6/raw/refs/heads/main/xwormloader.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271375/; classtype:trojan-activity;sid:84134475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271374)"; flow:established,from_client; content:"GET"; http_method; content:"/naruto0827/roblox-blox-fruits-script-2024/refs/heads/main/loader.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271374/; classtype:trojan-activity;sid:84134474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271372)"; flow:established,from_client; content:"GET"; http_method; content:"/naruto0827/roblox-blox-fruits-script-2024/raw/refs/heads/main/loader.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271372/; classtype:trojan-activity;sid:84134472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271364)"; flow:established,from_client; content:"GET"; http_method; content:"/landonpasana21/roblox-blox-fruits-script-2024/refs/heads/main/loader.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271364/; classtype:trojan-activity;sid:84134464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271366)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/refs/heads/main/extremeinjector.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271366/; classtype:trojan-activity;sid:84134466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271367)"; flow:established,from_client; content:"GET"; http_method; content:"/shen0shod/cfx-bypass/refs/heads/main/cfxbypass.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271367/; classtype:trojan-activity;sid:84134467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271368)"; flow:established,from_client; content:"GET"; http_method; content:"/landonpasana21/roblox-blox-fruits-script-2024/raw/refs/heads/main/loader.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271368/; classtype:trojan-activity;sid:84134468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271369)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/raw/refs/heads/main/extremeinjector.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271369/; classtype:trojan-activity;sid:84134469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271370)"; flow:established,from_client; content:"GET"; http_method; content:"/stressedb/redengine/main/loader.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271370/; classtype:trojan-activity;sid:84134470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271290)"; flow:established,from_client; content:"GET"; http_method; content:"/-/project/21762009/uploads/c4f32a8d91f0b95a33e7d8a2715f2c1c/slunkcrypt.2024-06-08.windows.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271290/; classtype:trojan-activity;sid:84134390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271267)"; flow:established,from_client; content:"GET"; http_method; content:"/aegis/mcron-vip-1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"0889.org"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271267/; classtype:trojan-activity;sid:84134367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271268)"; flow:established,from_client; content:"GET"; http_method; content:"/aegis/grub"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"0889.org"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271268/; classtype:trojan-activity;sid:84134368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271266)"; flow:established,from_client; content:"GET"; http_method; content:"/aegis/10000"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"0889.org"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271266/; classtype:trojan-activity;sid:84134366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271245)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/msd0nng4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271245/; classtype:trojan-activity;sid:84134345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271231)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bf3nfafj"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271231/; classtype:trojan-activity;sid:84134331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271232)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zc37hk17"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271232/; classtype:trojan-activity;sid:84134332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271202)"; flow:established,from_client; content:"GET"; http_method; content:"/1410.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pub-9c95ff56c7ba44c98ae7daad95f5689d.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271202/; classtype:trojan-activity;sid:84134302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271203)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/cognac/smsinc.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"sbelegi.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271203/; classtype:trojan-activity;sid:84134303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271206)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/blader-4f96f.appspot.com/o/rem251.txt|3f|alt=media|7c|26|7c|token=c0f99eb2-2f4d-4b6b-8bb6-bdb0e353c395"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271206/; classtype:trojan-activity;sid:84134306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271200)"; flow:established,from_client; content:"GET"; http_method; content:"/ywds3/clients.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"in-houselegal.ro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271200/; classtype:trojan-activity;sid:84134300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271172)"; flow:established,from_client; content:"GET"; http_method; content:"/aboriginal/downloads/binaries/cross-compiler-m68k.tar.gz"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"landley.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271172/; classtype:trojan-activity;sid:84134272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271005)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/yxrd0ob7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271005/; classtype:trojan-activity;sid:84134105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.3.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270977/; classtype:trojan-activity;sid:84134077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270968)"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.164.4.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270968/; classtype:trojan-activity;sid:84134068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270940)"; flow:established,from_client; content:"GET"; http_method; content:"/owo.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.29.162.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270940/; classtype:trojan-activity;sid:84134040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270824)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sqdqsdsq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270824/; classtype:trojan-activity;sid:84133924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270821)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sqdqsdsq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270821/; classtype:trojan-activity;sid:84133921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270822)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sqdqsdsq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270822/; classtype:trojan-activity;sid:84133922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270823)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sqdqsdsq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270823/; classtype:trojan-activity;sid:84133923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270820)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sqdqsdsq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270820/; classtype:trojan-activity;sid:84133920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270819)"; flow:established,from_client; content:"GET"; http_method; content:"/i5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"sqdqsdsq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270819/; classtype:trojan-activity;sid:84133919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270816)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sqdqsdsq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270816/; classtype:trojan-activity;sid:84133916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270817)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sqdqsdsq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270817/; classtype:trojan-activity;sid:84133917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270818)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sqdqsdsq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270818/; classtype:trojan-activity;sid:84133918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270809)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sqdqsdsq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270809/; classtype:trojan-activity;sid:84133909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270810)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sqdqsdsq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270810/; classtype:trojan-activity;sid:84133910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270811)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sqdqsdsq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270811/; classtype:trojan-activity;sid:84133911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270812)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sqdqsdsq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270812/; classtype:trojan-activity;sid:84133912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270813)"; flow:established,from_client; content:"GET"; http_method; content:"/i6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"sqdqsdsq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270813/; classtype:trojan-activity;sid:84133913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270814)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sqdqsdsq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270814/; classtype:trojan-activity;sid:84133914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270807)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sqdqsdsq.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270807/; classtype:trojan-activity;sid:84133907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270803)"; flow:established,from_client; content:"GET"; http_method; content:"/hiss.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.90.13.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270803/; classtype:trojan-activity;sid:84133903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270800)"; flow:established,from_client; content:"GET"; http_method; content:"/hiss.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.90.13.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270800/; classtype:trojan-activity;sid:84133900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270797)"; flow:established,from_client; content:"GET"; http_method; content:"/hiss.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.90.13.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270797/; classtype:trojan-activity;sid:84133897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270792)"; flow:established,from_client; content:"GET"; http_method; content:"/meow.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.90.13.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270792/; classtype:trojan-activity;sid:84133892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270784)"; flow:established,from_client; content:"GET"; http_method; content:"/meow.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.90.13.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270784/; classtype:trojan-activity;sid:84133884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270785)"; flow:established,from_client; content:"GET"; http_method; content:"/meow.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.90.13.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270785/; classtype:trojan-activity;sid:84133885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270748)"; flow:established,from_client; content:"GET"; http_method; content:"/abc3.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270748/; classtype:trojan-activity;sid:84133848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270747)"; flow:established,from_client; content:"GET"; http_method; content:"/abc2.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270747/; classtype:trojan-activity;sid:84133847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270746)"; flow:established,from_client; content:"GET"; http_method; content:"/abc1.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270746/; classtype:trojan-activity;sid:84133846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270744)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270744/; classtype:trojan-activity;sid:84133844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270741)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270741/; classtype:trojan-activity;sid:84133841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270735)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270735/; classtype:trojan-activity;sid:84133835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270736)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270736/; classtype:trojan-activity;sid:84133836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270737)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270737/; classtype:trojan-activity;sid:84133837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270733)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270733/; classtype:trojan-activity;sid:84133833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270734)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270734/; classtype:trojan-activity;sid:84133834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270731)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270731/; classtype:trojan-activity;sid:84133831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270732)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270732/; classtype:trojan-activity;sid:84133832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270728)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270728/; classtype:trojan-activity;sid:84133828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270729)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mips64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270729/; classtype:trojan-activity;sid:84133829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270730)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270730/; classtype:trojan-activity;sid:84133830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270724)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270724/; classtype:trojan-activity;sid:84133824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270725)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270725/; classtype:trojan-activity;sid:84133825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270726)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270726/; classtype:trojan-activity;sid:84133826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270727)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270727/; classtype:trojan-activity;sid:84133827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270723)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270723/; classtype:trojan-activity;sid:84133823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270722)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270722/; classtype:trojan-activity;sid:84133822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270718)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270718/; classtype:trojan-activity;sid:84133818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270719)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mips64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270719/; classtype:trojan-activity;sid:84133819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270720)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270720/; classtype:trojan-activity;sid:84133820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270721)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270721/; classtype:trojan-activity;sid:84133821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.221.235.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270631/; classtype:trojan-activity;sid:84133731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270606)"; flow:established,from_client; content:"GET"; http_method; content:"/le/la.bot.arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270606/; classtype:trojan-activity;sid:84133706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270605)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270605/; classtype:trojan-activity;sid:84133705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270599)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.arc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270599/; classtype:trojan-activity;sid:84133699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270507/; classtype:trojan-activity;sid:84133607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.177.199.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270488/; classtype:trojan-activity;sid:84133588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.235.163.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270484/; classtype:trojan-activity;sid:84133584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270227)"; flow:established,from_client; content:"GET"; http_method; content:"/ss/passwordrecovery32exe.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"fiestagrandefm.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270227/; classtype:trojan-activity;sid:84133327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270225)"; flow:established,from_client; content:"GET"; http_method; content:"/ss/passwordrecovery64exe.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"fiestagrandefm.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270225/; classtype:trojan-activity;sid:84133325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.27.32.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270222/; classtype:trojan-activity;sid:84133322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270216)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/brf4lern"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270216/; classtype:trojan-activity;sid:84133316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270217)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xvkdr4md"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270217/; classtype:trojan-activity;sid:84133317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270200)"; flow:established,from_client; content:"GET"; http_method; content:"/c3pool/winring0x64.sys"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"c3poolbat2.oss-ap-northeast-1.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270200/; classtype:trojan-activity;sid:84133300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270198)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/edadf5dc5ec04c578e24f68006fad2b4.sys"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270198/; classtype:trojan-activity;sid:84133298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270196)"; flow:established,from_client; content:"GET"; http_method; content:"/novocrm/static/winring0x64.sys"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"118.189.172.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270196/; classtype:trojan-activity;sid:84133296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270195)"; flow:established,from_client; content:"GET"; http_method; content:"/ggassistant/update/2.3.11.29/tool/winring0x64.sys|3f|skq=1701042218"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"shqdown.ggzuhao.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270195/; classtype:trojan-activity;sid:84133295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270193)"; flow:established,from_client; content:"GET"; http_method; content:"/miguel-b-p/..../raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270193/; classtype:trojan-activity;sid:84133293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270185)"; flow:established,from_client; content:"GET"; http_method; content:"/silenthashik/winring/raw/main/winring0x64.sys"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270185/; classtype:trojan-activity;sid:84133285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270186)"; flow:established,from_client; content:"GET"; http_method; content:"/hak333444/xmrig/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270186/; classtype:trojan-activity;sid:84133286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270187)"; flow:established,from_client; content:"GET"; http_method; content:"/irusanov/zenstates-core/raw/master/winring0x64.sys"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270187/; classtype:trojan-activity;sid:84133287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270188)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/blob/master/bin/winring0/winring0x64.sys|3f|raw=true"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270188/; classtype:trojan-activity;sid:84133288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270189)"; flow:established,from_client; content:"GET"; http_method; content:"/so251/olaquerida/releases/download/1releasae/winring0x64.sys"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270189/; classtype:trojan-activity;sid:84133289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270190)"; flow:established,from_client; content:"GET"; http_method; content:"/winring0x64.sys"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mymin11.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270190/; classtype:trojan-activity;sid:84133290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270191)"; flow:established,from_client; content:"GET"; http_method; content:"/jsjsjsc79/advsd/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270191/; classtype:trojan-activity;sid:84133291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270192)"; flow:established,from_client; content:"GET"; http_method; content:"/stickmengamer/idk/raw/main/winring0x64.sys"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270192/; classtype:trojan-activity;sid:84133292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270183)"; flow:established,from_client; content:"GET"; http_method; content:"/sopranotech/dimeo/main/winring0x64.sys"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270183/; classtype:trojan-activity;sid:84133283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270184)"; flow:established,from_client; content:"GET"; http_method; content:"/abrissyy/min/main/winring0x64.sys"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270184/; classtype:trojan-activity;sid:84133284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270080)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/j86piuq9.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270080/; classtype:trojan-activity;sid:84133180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270079)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bwapp.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270079/; classtype:trojan-activity;sid:84133179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270077)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/0b44ippu.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270077/; classtype:trojan-activity;sid:84133177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270078)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5gevcp8z.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270078/; classtype:trojan-activity;sid:84133178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270075)"; flow:established,from_client; content:"GET"; http_method; content:"/store/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270075/; classtype:trojan-activity;sid:84133175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270076)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/chicken123.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270076/; classtype:trojan-activity;sid:84133176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270073)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dsds.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270073/; classtype:trojan-activity;sid:84133173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270074)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/final.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270074/; classtype:trojan-activity;sid:84133174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270072)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xyaw4fkp.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270072/; classtype:trojan-activity;sid:84133172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270070)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup8.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270070/; classtype:trojan-activity;sid:84133170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270071)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/golden.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270071/; classtype:trojan-activity;sid:84133171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270069)"; flow:established,from_client; content:"GET"; http_method; content:"/test/do.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270069/; classtype:trojan-activity;sid:84133169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270055)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/q1wnx5ir.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270055/; classtype:trojan-activity;sid:84133155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270056)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kp8dnpa9.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270056/; classtype:trojan-activity;sid:84133156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270057)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zts.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270057/; classtype:trojan-activity;sid:84133157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270052)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/h5a71wdy.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270052/; classtype:trojan-activity;sid:84133152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269998)"; flow:established,from_client; content:"GET"; http_method; content:"/8djjd3shf2/plugins/cred.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.208.159.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269998/; classtype:trojan-activity;sid:84133098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269999)"; flow:established,from_client; content:"GET"; http_method; content:"/8djjd3shf2/plugins/cred64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.208.159.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269999/; classtype:trojan-activity;sid:84133099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269993)"; flow:established,from_client; content:"GET"; http_method; content:"/8djjd3shf2/plugins/clip64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.208.159.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269993/; classtype:trojan-activity;sid:84133093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269991)"; flow:established,from_client; content:"GET"; http_method; content:"/8djjd3shf2/plugins/clip.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.208.159.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269991/; classtype:trojan-activity;sid:84133091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.45.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269967/; classtype:trojan-activity;sid:84133067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269954)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/tn8cdkzn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269954/; classtype:trojan-activity;sid:84133054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269929)"; flow:established,from_client; content:"GET"; http_method; content:"/ba0f11c06102c3bc/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"5.188.87.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269929/; classtype:trojan-activity;sid:84133029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269923)"; flow:established,from_client; content:"GET"; http_method; content:"/ba0f11c06102c3bc/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"5.188.87.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269923/; classtype:trojan-activity;sid:84133023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269917)"; flow:established,from_client; content:"GET"; http_method; content:"/ba0f11c06102c3bc/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"5.188.87.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269917/; classtype:trojan-activity;sid:84133017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269880)"; flow:established,from_client; content:"GET"; http_method; content:"/ba0f11c06102c3bc/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"5.188.87.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269880/; classtype:trojan-activity;sid:84132980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269878)"; flow:established,from_client; content:"GET"; http_method; content:"/ba0f11c06102c3bc/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"5.188.87.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269878/; classtype:trojan-activity;sid:84132978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269876)"; flow:established,from_client; content:"GET"; http_method; content:"/ba0f11c06102c3bc/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"5.188.87.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269876/; classtype:trojan-activity;sid:84132976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269877)"; flow:established,from_client; content:"GET"; http_method; content:"/ba0f11c06102c3bc/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"5.188.87.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269877/; classtype:trojan-activity;sid:84132977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269874)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/9c1mbus0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269874/; classtype:trojan-activity;sid:84132974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269847)"; flow:established,from_client; content:"GET"; http_method; content:"/offnewhere.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269847/; classtype:trojan-activity;sid:84132947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269837)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/v7wa24td.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269837/; classtype:trojan-activity;sid:84132937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269831)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/new_v8.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269831/; classtype:trojan-activity;sid:84132931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269827)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rdx123456.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269827/; classtype:trojan-activity;sid:84132927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269828)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gold1234.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269828/; classtype:trojan-activity;sid:84132928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269829)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269829/; classtype:trojan-activity;sid:84132929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269824)"; flow:established,from_client; content:"GET"; http_method; content:"/babadura123/banana/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269824/; classtype:trojan-activity;sid:84132924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269823)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient543/upgraded-sniffle/main/xclient.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269823/; classtype:trojan-activity;sid:84132923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269814)"; flow:established,from_client; content:"GET"; http_method; content:"/nomorelife1/te/raw/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269814/; classtype:trojan-activity;sid:84132914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269815)"; flow:established,from_client; content:"GET"; http_method; content:"/bytrosyt/xuy/releases/download/dick/xclient.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269815/; classtype:trojan-activity;sid:84132915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269816)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/capybara_jar/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269816/; classtype:trojan-activity;sid:84132916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269817)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/cripting/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269817/; classtype:trojan-activity;sid:84132917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269818)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/raw/main/xclient.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269818/; classtype:trojan-activity;sid:84132918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269819)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot1/refs/heads/main/xclient.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269819/; classtype:trojan-activity;sid:84132919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269820)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/capybara_jar/raw/main/xclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269820/; classtype:trojan-activity;sid:84132920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269821)"; flow:established,from_client; content:"GET"; http_method; content:"/tubocdev/ratbuildpenis/raw/main/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269821/; classtype:trojan-activity;sid:84132921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269822)"; flow:established,from_client; content:"GET"; http_method; content:"/babadura123/banana/raw/refs/heads/main/xclient.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269822/; classtype:trojan-activity;sid:84132922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269788)"; flow:established,from_client; content:"GET"; http_method; content:"/makslalp123/rakdj213/master/xclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269788/; classtype:trojan-activity;sid:84132888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269789)"; flow:established,from_client; content:"GET"; http_method; content:"/framzzzzz/dont-use/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269789/; classtype:trojan-activity;sid:84132889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269790)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/main/xclient.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269790/; classtype:trojan-activity;sid:84132890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269791)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/raw/main/xclient.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269791/; classtype:trojan-activity;sid:84132891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269792)"; flow:established,from_client; content:"GET"; http_method; content:"/bodyblazexaa/dll/main/xclient.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269792/; classtype:trojan-activity;sid:84132892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269794)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.197.69.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269794/; classtype:trojan-activity;sid:84132894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269795)"; flow:established,from_client; content:"GET"; http_method; content:"/makslalp123/rakdj213/raw/master/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269795/; classtype:trojan-activity;sid:84132895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269796)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot2/raw/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269796/; classtype:trojan-activity;sid:84132896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269797)"; flow:established,from_client; content:"GET"; http_method; content:"/2backside/stealercentral/raw/refs/heads/main/xclient.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269797/; classtype:trojan-activity;sid:84132897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269798)"; flow:established,from_client; content:"GET"; http_method; content:"/u6iko/do5a/raw/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269798/; classtype:trojan-activity;sid:84132898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269799)"; flow:established,from_client; content:"GET"; http_method; content:"/2backside/stealercentral/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269799/; classtype:trojan-activity;sid:84132899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269800)"; flow:established,from_client; content:"GET"; http_method; content:"/helelehelafsdf163/batata/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269800/; classtype:trojan-activity;sid:84132900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269802)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot2/refs/heads/main/xclient.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269802/; classtype:trojan-activity;sid:84132902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269803)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulah345/pizdaporc/raw/refs/heads/main/xclient.exe/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269803/; classtype:trojan-activity;sid:84132903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269804)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/-/raw/main/xclient.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269804/; classtype:trojan-activity;sid:84132904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269807)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/main/xclient.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269807/; classtype:trojan-activity;sid:84132907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269808)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/-/main/xclient.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269808/; classtype:trojan-activity;sid:84132908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269809)"; flow:established,from_client; content:"GET"; http_method; content:"/bodyblazexaa/dll/raw/main/xclient.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269809/; classtype:trojan-activity;sid:84132909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269810)"; flow:established,from_client; content:"GET"; http_method; content:"/helelehelafsdf163/batata/raw/refs/heads/main/xclient.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269810/; classtype:trojan-activity;sid:84132910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269811)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot1/raw/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269811/; classtype:trojan-activity;sid:84132911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269812)"; flow:established,from_client; content:"GET"; http_method; content:"/tubocdev/ratbuildpenis/main/xclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269812/; classtype:trojan-activity;sid:84132912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269813)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/htt/raw/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269813/; classtype:trojan-activity;sid:84132913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269785)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulah345/pizdaporc/raw/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269785/; classtype:trojan-activity;sid:84132885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269786)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulah345/pizdaporc/refs/heads/main/xclient.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269786/; classtype:trojan-activity;sid:84132886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269787)"; flow:established,from_client; content:"GET"; http_method; content:"/u6iko/do5a/raw/main/xclient.exe/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269787/; classtype:trojan-activity;sid:84132887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269773)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"95.164.4.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269773/; classtype:trojan-activity;sid:84132873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269771)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"95.164.4.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269771/; classtype:trojan-activity;sid:84132871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269768)"; flow:established,from_client; content:"GET"; http_method; content:"/crysiz2631/xworm-3.1/zip/refs/heads/main"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269768/; classtype:trojan-activity;sid:84132868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269769)"; flow:established,from_client; content:"GET"; http_method; content:"/d00mt3l/xworm-5.6/zip/refs/heads/main"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269769/; classtype:trojan-activity;sid:84132869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269767)"; flow:established,from_client; content:"GET"; http_method; content:"/looooolaasa/xworm-5.6/refs/heads/main/xworm-5.6.rar"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269767/; classtype:trojan-activity;sid:84132867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269766)"; flow:established,from_client; content:"GET"; http_method; content:"/trafisg/xworm-5.2-/zip/refs/heads/main"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269766/; classtype:trojan-activity;sid:84132866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269763)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/refs/heads/main/xworm.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269763/; classtype:trojan-activity;sid:84132863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269762)"; flow:established,from_client; content:"GET"; http_method; content:"/jpntr/xworm-v5.2/zip/refs/heads/main"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269762/; classtype:trojan-activity;sid:84132862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269757)"; flow:established,from_client; content:"GET"; http_method; content:"/smokeloader/xworm-v5.3/releases/download/xworm/xworm.v5.3.optimized.bin.7z"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269757/; classtype:trojan-activity;sid:84132857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269758)"; flow:established,from_client; content:"GET"; http_method; content:"/d00mt3l/xworm-5.6/zip/refs/heads/main|3f|token=a4br4vo3xliqjaedb6a2s43hensuu"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269758/; classtype:trojan-activity;sid:84132858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269756)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/releases/download/v5.0/xworm.rar/"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269756/; classtype:trojan-activity;sid:84132856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269750)"; flow:established,from_client; content:"GET"; http_method; content:"/gv1rygit/xworm-v5.2/raw/refs/heads/main/xsploitlauncher.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269750/; classtype:trojan-activity;sid:84132850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269751)"; flow:established,from_client; content:"GET"; http_method; content:"/gv1rygit/xworm-v5.2/raw/refs/heads/main/xsploitlauncher.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269751/; classtype:trojan-activity;sid:84132851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269752)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/releases/download/v5.0/xworm.rar"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269752/; classtype:trojan-activity;sid:84132852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269748)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/blob/main/xworm.exe|3f|raw=true"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269748/; classtype:trojan-activity;sid:84132848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269749)"; flow:established,from_client; content:"GET"; http_method; content:"/xworm/x64.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dataxx.netlify.app"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269749/; classtype:trojan-activity;sid:84132849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269740)"; flow:established,from_client; content:"GET"; http_method; content:"/gv1rygit/xworm-v5.2/refs/heads/main/xsploitlauncher.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269740/; classtype:trojan-activity;sid:84132840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269741)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/releases/download/v5.0/xworm.rar/"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269741/; classtype:trojan-activity;sid:84132841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269738)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/raw/main/xworm.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269738/; classtype:trojan-activity;sid:84132838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269730)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptedexefiles/xworm.exe.dead"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"dataxx.netlify.app"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269730/; classtype:trojan-activity;sid:84132830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269715)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/archive/refs/heads/main.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269715/; classtype:trojan-activity;sid:84132815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269722)"; flow:established,from_client; content:"GET"; http_method; content:"/gv1rygit/xworm-v5.2/refs/heads/main/xsploitlauncher.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269722/; classtype:trojan-activity;sid:84132822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269709)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"95.164.4.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269709/; classtype:trojan-activity;sid:84132809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269710)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"95.164.4.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269710/; classtype:trojan-activity;sid:84132810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269711)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"95.164.4.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269711/; classtype:trojan-activity;sid:84132811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269712)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"95.164.4.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269712/; classtype:trojan-activity;sid:84132812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269708)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"95.164.4.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269708/; classtype:trojan-activity;sid:84132808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269706)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"95.164.4.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269706/; classtype:trojan-activity;sid:84132806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269707)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"95.164.4.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269707/; classtype:trojan-activity;sid:84132807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269646)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"95.164.4.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269646/; classtype:trojan-activity;sid:84132746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.198.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269632/; classtype:trojan-activity;sid:84132732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269616)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"125.124.96.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269616/; classtype:trojan-activity;sid:84132716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269527)"; flow:established,from_client; content:"GET"; http_method; content:"/sarm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269527/; classtype:trojan-activity;sid:84132627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269502)"; flow:established,from_client; content:"GET"; http_method; content:"/smips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269502/; classtype:trojan-activity;sid:84132602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269489)"; flow:established,from_client; content:"GET"; http_method; content:"/sarm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269489/; classtype:trojan-activity;sid:84132589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269464)"; flow:established,from_client; content:"GET"; http_method; content:"/sarm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269464/; classtype:trojan-activity;sid:84132564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269456)"; flow:established,from_client; content:"GET"; http_method; content:"/smpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269456/; classtype:trojan-activity;sid:84132556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269457)"; flow:established,from_client; content:"GET"; http_method; content:"/sarm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269457/; classtype:trojan-activity;sid:84132557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.175.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269443/; classtype:trojan-activity;sid:84132543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269018)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269018/; classtype:trojan-activity;sid:84132118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.76.179.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268820/; classtype:trojan-activity;sid:84131920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.76.179.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268790/; classtype:trojan-activity;sid:84131890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.109.164.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268736/; classtype:trojan-activity;sid:84131836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.109.164.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268717/; classtype:trojan-activity;sid:84131817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268715/; classtype:trojan-activity;sid:84131815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268439)"; flow:established,from_client; content:"GET"; http_method; content:"/8bddsv3dk2ff/plugins/cred64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"152.89.198.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268439/; classtype:trojan-activity;sid:84131539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268432)"; flow:established,from_client; content:"GET"; http_method; content:"/8bddsv3dk2ff/plugins/clip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"152.89.198.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268432/; classtype:trojan-activity;sid:84131532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268433)"; flow:established,from_client; content:"GET"; http_method; content:"/5ndshog3cwa/plugins/clip64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"45.93.20.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268433/; classtype:trojan-activity;sid:84131533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268434)"; flow:established,from_client; content:"GET"; http_method; content:"/5ndshog3cwa/plugins/cred64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"45.93.20.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268434/; classtype:trojan-activity;sid:84131534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268429)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268429/; classtype:trojan-activity;sid:84131529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268430)"; flow:established,from_client; content:"GET"; http_method; content:"/8bddsv3dk2ff/plugins/cred.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"152.89.198.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268430/; classtype:trojan-activity;sid:84131530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268431)"; flow:established,from_client; content:"GET"; http_method; content:"/8bddsv3dk2ff/plugins/clip64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"152.89.198.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268431/; classtype:trojan-activity;sid:84131531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268242/; classtype:trojan-activity;sid:84131342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.221.235.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267840/; classtype:trojan-activity;sid:84130940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267573)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/87f3f2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267573/; classtype:trojan-activity;sid:84130673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.184.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267464/; classtype:trojan-activity;sid:84130564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.104.126.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267382/; classtype:trojan-activity;sid:84130482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.184.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267283/; classtype:trojan-activity;sid:84130383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266999)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266999/; classtype:trojan-activity;sid:84130099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267007)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267007/; classtype:trojan-activity;sid:84130107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267011)"; flow:established,from_client; content:"GET"; http_method; content:"/gmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267011/; classtype:trojan-activity;sid:84130111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266993)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266993/; classtype:trojan-activity;sid:84130093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266982)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266982/; classtype:trojan-activity;sid:84130082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266965)"; flow:established,from_client; content:"GET"; http_method; content:"/nrarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266965/; classtype:trojan-activity;sid:84130065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266968)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266968/; classtype:trojan-activity;sid:84130068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266974)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266974/; classtype:trojan-activity;sid:84130074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266952)"; flow:established,from_client; content:"GET"; http_method; content:"/gmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266952/; classtype:trojan-activity;sid:84130052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266625)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/refs/heads/main/khtoawdltrha.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266625/; classtype:trojan-activity;sid:84129725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266609)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/khtoawdltrha.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266609/; classtype:trojan-activity;sid:84129709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.104.126.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266458/; classtype:trojan-activity;sid:84129558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266222)"; flow:established,from_client; content:"GET"; http_method; content:"/hackirby/wallets-injection/raw/main/exodus.asar"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266222/; classtype:trojan-activity;sid:84129322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266221)"; flow:established,from_client; content:"GET"; http_method; content:"/hackirby/wallets-injection/raw/main/atomic.asar"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266221/; classtype:trojan-activity;sid:84129321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266166)"; flow:established,from_client; content:"GET"; http_method; content:"/clipacheat/chaaa/raw/refs/heads/main/built.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266166/; classtype:trojan-activity;sid:84129266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266091)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulah345/pizdaporc/raw/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266091/; classtype:trojan-activity;sid:84129191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266043)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/xnsjjxja.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"newvideo.link"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266043/; classtype:trojan-activity;sid:84129143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.158.161.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265998/; classtype:trojan-activity;sid:84129098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265970)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1l_dscfub_tjt6kff-r1dxwaweydg42pp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265970/; classtype:trojan-activity;sid:84129070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265917)"; flow:established,from_client; content:"GET"; http_method; content:"/minecraft.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zaraz.vercel.app"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265917/; classtype:trojan-activity;sid:84129017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265884)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted25.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265884/; classtype:trojan-activity;sid:84128984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265708/; classtype:trojan-activity;sid:84128808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265261)"; flow:established,from_client; content:"GET"; http_method; content:"/june--pdf11.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"37.60.252.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265261/; classtype:trojan-activity;sid:84128361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265260)"; flow:established,from_client; content:"GET"; http_method; content:"/qfv0ao.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.60.252.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265260/; classtype:trojan-activity;sid:84128360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265256)"; flow:established,from_client; content:"GET"; http_method; content:"/a.pdf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"louise-monitors-mo-rating.trycloudflare.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265256/; classtype:trojan-activity;sid:84128356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265255)"; flow:established,from_client; content:"GET"; http_method; content:"/b.pdf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"louise-monitors-mo-rating.trycloudflare.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265255/; classtype:trojan-activity;sid:84128355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265254)"; flow:established,from_client; content:"GET"; http_method; content:"/b.pdf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"37.60.252.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265254/; classtype:trojan-activity;sid:84128354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265251)"; flow:established,from_client; content:"GET"; http_method; content:"/man.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.60.252.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265251/; classtype:trojan-activity;sid:84128351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265252)"; flow:established,from_client; content:"GET"; http_method; content:"/june--pdf12.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"37.60.252.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265252/; classtype:trojan-activity;sid:84128352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265253)"; flow:established,from_client; content:"GET"; http_method; content:"/a.pdf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"37.60.252.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265253/; classtype:trojan-activity;sid:84128353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265197)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.205.237.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265197/; classtype:trojan-activity;sid:84128297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265196)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.92.19.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265196/; classtype:trojan-activity;sid:84128296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265189)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.146.198.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265189/; classtype:trojan-activity;sid:84128289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265183)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"79.124.58.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265183/; classtype:trojan-activity;sid:84128283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265186)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"203.86.239.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265186/; classtype:trojan-activity;sid:84128286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265181)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.97.174.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265181/; classtype:trojan-activity;sid:84128281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265182)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.108.142.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265182/; classtype:trojan-activity;sid:84128282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265177)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.94.168.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265177/; classtype:trojan-activity;sid:84128277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265174)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.70.0.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265174/; classtype:trojan-activity;sid:84128274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265166)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.78.83.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265166/; classtype:trojan-activity;sid:84128266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265161)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.55.100.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265161/; classtype:trojan-activity;sid:84128261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264853)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.163.224.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264853/; classtype:trojan-activity;sid:84127953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264803)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.84.71.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264803/; classtype:trojan-activity;sid:84127903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.78.11.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261205/; classtype:trojan-activity;sid:84124305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261179)"; flow:established,from_client; content:"GET"; http_method; content:"/quote%20approval%20rev.00%20lpo.tar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"zunigarquitectura.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261179/; classtype:trojan-activity;sid:84124279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261122)"; flow:established,from_client; content:"GET"; http_method; content:"/download/7z2401-x64.msix"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"85.209.134.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261122/; classtype:trojan-activity;sid:84124222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261119)"; flow:established,from_client; content:"GET"; http_method; content:"/download/7z2401-x64.msix"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"7zip10-2024.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261119/; classtype:trojan-activity;sid:84124219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261118)"; flow:established,from_client; content:"GET"; http_method; content:"/download/7z2401-x64.msix"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"85.209.134.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261118/; classtype:trojan-activity;sid:84124218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261117)"; flow:established,from_client; content:"GET"; http_method; content:"/download/7z2401-x64.msix"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"85.209.134.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261117/; classtype:trojan-activity;sid:84124217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261116)"; flow:established,from_client; content:"GET"; http_method; content:"/download/7z2401-x64.msix"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"85.209.134.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261116/; classtype:trojan-activity;sid:84124216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260455)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.14.162.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260455/; classtype:trojan-activity;sid:84123555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.88.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260378/; classtype:trojan-activity;sid:84123478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.88.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260352/; classtype:trojan-activity;sid:84123452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.215.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259739/; classtype:trojan-activity;sid:84122839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.213.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259617/; classtype:trojan-activity;sid:84122717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.70.82.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259350/; classtype:trojan-activity;sid:84122450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.229.174.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259056/; classtype:trojan-activity;sid:84122156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258753)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.204.26.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258753/; classtype:trojan-activity;sid:84121853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258233)"; flow:established,from_client; content:"GET"; http_method; content:"/coreopt/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258233/; classtype:trojan-activity;sid:84121333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258232)"; flow:established,from_client; content:"GET"; http_method; content:"/coreopt/plugins/clip.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258232/; classtype:trojan-activity;sid:84121332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258049)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/rcm_dcdedkd.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258049/; classtype:trojan-activity;sid:84121149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258050)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/rcf_omfnorh.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258050/; classtype:trojan-activity;sid:84121150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258051)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/gpieisb.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258051/; classtype:trojan-activity;sid:84121151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258052)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/fffaemf.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258052/; classtype:trojan-activity;sid:84121152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258053)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/rooahio.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258053/; classtype:trojan-activity;sid:84121153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258054)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/araofkh.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258054/; classtype:trojan-activity;sid:84121154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258055)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/oahinkn.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258055/; classtype:trojan-activity;sid:84121155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258045)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/asy_dffaaep.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258045/; classtype:trojan-activity;sid:84121145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258046)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/iksjbpj.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258046/; classtype:trojan-activity;sid:84121146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258047)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/jaadkfh.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258047/; classtype:trojan-activity;sid:84121147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258048)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/bkpmdom.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258048/; classtype:trojan-activity;sid:84121148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258044)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/igapsme.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258044/; classtype:trojan-activity;sid:84121144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258042)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/domcfbs.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258042/; classtype:trojan-activity;sid:84121142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258043)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/krkmakc.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258043/; classtype:trojan-activity;sid:84121143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258034)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/xwmm_aakkhbm.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258034/; classtype:trojan-activity;sid:84121134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258033)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/refs/heads/main/ifiinms.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258033/; classtype:trojan-activity;sid:84121133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258032)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/apfjrdf.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258032/; classtype:trojan-activity;sid:84121132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258029)"; flow:established,from_client; content:"GET"; http_method; content:"/javamagazine/magdownloads/downloads/utilities-windowtimer-ptimer.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258029/; classtype:trojan-activity;sid:84121129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257831)"; flow:established,from_client; content:"GET"; http_method; content:"/grogos817/34f45gh44h554h/raw/4e68095e513496512d02602fdccf2ffee5be8d05/loader.rar"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257831/; classtype:trojan-activity;sid:84120931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257765)"; flow:established,from_client; content:"GET"; http_method; content:"/4afziyfqzm/afziyfqzm/downloads/arsenal_script.rar"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257765/; classtype:trojan-activity;sid:84120865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257766)"; flow:established,from_client; content:"GET"; http_method; content:"/4afziyfqzm/afziyfqzm/downloads/synps_x.rar"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257766/; classtype:trojan-activity;sid:84120866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257764)"; flow:established,from_client; content:"GET"; http_method; content:"/4afziyfqzm/afziyfqzm/downloads/pet_simulator_x_script.rar"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257764/; classtype:trojan-activity;sid:84120864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257762)"; flow:established,from_client; content:"GET"; http_method; content:"/4afziyfqzm/afziyfqzm/downloads/fortnite_hack.rar"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257762/; classtype:trojan-activity;sid:84120862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257763)"; flow:established,from_client; content:"GET"; http_method; content:"/4afziyfqzm/afziyfqzm/downloads/new_valorant_hack.rar"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257763/; classtype:trojan-activity;sid:84120863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257761)"; flow:established,from_client; content:"GET"; http_method; content:"/4afziyfqzm/afziyfqzm/downloads/new_kiddions.rar"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257761/; classtype:trojan-activity;sid:84120861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257760)"; flow:established,from_client; content:"GET"; http_method; content:"/4afziyfqzm/afziyfqzm/downloads/fortnite_skin_swapper.rar"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257760/; classtype:trojan-activity;sid:84120860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257759)"; flow:established,from_client; content:"GET"; http_method; content:"/4afziyfqzm/afziyfqzm/downloads/blox_fruits_scr.rar"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257759/; classtype:trojan-activity;sid:84120859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257758)"; flow:established,from_client; content:"GET"; http_method; content:"/4afziyfqzm/afziyfqzm/downloads/fivem_mod_menu.rar"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257758/; classtype:trojan-activity;sid:84120858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257757)"; flow:established,from_client; content:"GET"; http_method; content:"/4afziyfqzm/afziyfqzm/downloads/roblox_doors_src.rar"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257757/; classtype:trojan-activity;sid:84120857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257637)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ab/f3.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257637/; classtype:trojan-activity;sid:84120737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257562)"; flow:established,from_client; content:"GET"; http_method; content:"/osupdater.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257562/; classtype:trojan-activity;sid:84120662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257563)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.zip"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257563/; classtype:trojan-activity;sid:84120663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257561)"; flow:established,from_client; content:"GET"; http_method; content:"/nova.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257561/; classtype:trojan-activity;sid:84120661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257483)"; flow:established,from_client; content:"GET"; http_method; content:"/data/javaw/winring0x64.sys"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"shangmei-test.oss-cn-beijing.aliyuncs.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257483/; classtype:trojan-activity;sid:84120583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255309)"; flow:established,from_client; content:"GET"; http_method; content:"/cryyy.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sirault.be"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255309/; classtype:trojan-activity;sid:84118409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.88.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255231/; classtype:trojan-activity;sid:84118331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255220)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zxcv.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255220/; classtype:trojan-activity;sid:84118320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255222)"; flow:established,from_client; content:"GET"; http_method; content:"/lumma/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255222/; classtype:trojan-activity;sid:84118322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254778)"; flow:established,from_client; content:"GET"; http_method; content:"/blacks/kkkmpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254778/; classtype:trojan-activity;sid:84117878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254774)"; flow:established,from_client; content:"GET"; http_method; content:"/blacks/kkkmips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254774/; classtype:trojan-activity;sid:84117874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254763)"; flow:established,from_client; content:"GET"; http_method; content:"/blacks/kkkarm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254763/; classtype:trojan-activity;sid:84117863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254764)"; flow:established,from_client; content:"GET"; http_method; content:"/hi.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254764/; classtype:trojan-activity;sid:84117864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254765)"; flow:established,from_client; content:"GET"; http_method; content:"/blacks/kkkx86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254765/; classtype:trojan-activity;sid:84117865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254766)"; flow:established,from_client; content:"GET"; http_method; content:"/blacks/kkkarm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254766/; classtype:trojan-activity;sid:84117866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254767)"; flow:established,from_client; content:"GET"; http_method; content:"/blacks/kkkarm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254767/; classtype:trojan-activity;sid:84117867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254768)"; flow:established,from_client; content:"GET"; http_method; content:"/blacks/kkkarm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254768/; classtype:trojan-activity;sid:84117868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.214.186.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254732/; classtype:trojan-activity;sid:84117832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254719)"; flow:established,from_client; content:"GET"; http_method; content:"/coreopt/plugins/clip64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254719/; classtype:trojan-activity;sid:84117819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254713)"; flow:established,from_client; content:"GET"; http_method; content:"/coreopt/plugins/cred64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254713/; classtype:trojan-activity;sid:84117813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.233.48.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254671/; classtype:trojan-activity;sid:84117771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254502)"; flow:established,from_client; content:"GET"; http_method; content:"/earm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254502/; classtype:trojan-activity;sid:84117602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254503)"; flow:established,from_client; content:"GET"; http_method; content:"/esh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254503/; classtype:trojan-activity;sid:84117603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254504)"; flow:established,from_client; content:"GET"; http_method; content:"/earm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254504/; classtype:trojan-activity;sid:84117604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254505)"; flow:established,from_client; content:"GET"; http_method; content:"/earm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254505/; classtype:trojan-activity;sid:84117605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254506)"; flow:established,from_client; content:"GET"; http_method; content:"/emips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254506/; classtype:trojan-activity;sid:84117606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254507)"; flow:established,from_client; content:"GET"; http_method; content:"/eppc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254507/; classtype:trojan-activity;sid:84117607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254509)"; flow:established,from_client; content:"GET"; http_method; content:"/empsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254509/; classtype:trojan-activity;sid:84117609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254492)"; flow:established,from_client; content:"GET"; http_method; content:"/empsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254492/; classtype:trojan-activity;sid:84117592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254486)"; flow:established,from_client; content:"GET"; http_method; content:"/earm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254486/; classtype:trojan-activity;sid:84117586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254487)"; flow:established,from_client; content:"GET"; http_method; content:"/emips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254487/; classtype:trojan-activity;sid:84117587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254488)"; flow:established,from_client; content:"GET"; http_method; content:"/earm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254488/; classtype:trojan-activity;sid:84117588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254489)"; flow:established,from_client; content:"GET"; http_method; content:"/esh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254489/; classtype:trojan-activity;sid:84117589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254490)"; flow:established,from_client; content:"GET"; http_method; content:"/earm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254490/; classtype:trojan-activity;sid:84117590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254491)"; flow:established,from_client; content:"GET"; http_method; content:"/eppc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254491/; classtype:trojan-activity;sid:84117591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254248)"; flow:established,from_client; content:"GET"; http_method; content:"/kdot227/pythonpathfixer/main/main.ps1"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254248/; classtype:trojan-activity;sid:84117348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254247)"; flow:established,from_client; content:"GET"; http_method; content:"/43a1723/test/refs/heads/main/shellcode/loaderclient.ps1"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254247/; classtype:trojan-activity;sid:84117347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254229)"; flow:established,from_client; content:"GET"; http_method; content:"/43a1723/test/releases/download/siu/stub.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254229/; classtype:trojan-activity;sid:84117329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254228)"; flow:established,from_client; content:"GET"; http_method; content:"/kdot227/somalifuscator/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254228/; classtype:trojan-activity;sid:84117328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254226)"; flow:established,from_client; content:"GET"; http_method; content:"/proxyonly/www/raw/main/security.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254226/; classtype:trojan-activity;sid:84117326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254223)"; flow:established,from_client; content:"GET"; http_method; content:"/u6iko/do5a/raw/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254223/; classtype:trojan-activity;sid:84117323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254224)"; flow:established,from_client; content:"GET"; http_method; content:"/unblockedgames2/school-shit/raw/main/fuag.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254224/; classtype:trojan-activity;sid:84117324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254222)"; flow:established,from_client; content:"GET"; http_method; content:"/robloxdev1223/requirements/raw/main/requirements.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254222/; classtype:trojan-activity;sid:84117322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254220)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/e/raw/refs/heads/main/powershell.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254220/; classtype:trojan-activity;sid:84117320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254039)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254039/; classtype:trojan-activity;sid:84117139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.214.186.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253983/; classtype:trojan-activity;sid:84117083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.239.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253885/; classtype:trojan-activity;sid:84116985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253594/; classtype:trojan-activity;sid:84116694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.249.236.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253392/; classtype:trojan-activity;sid:84116492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.249.236.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253376/; classtype:trojan-activity;sid:84116476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253370)"; flow:established,from_client; content:"GET"; http_method; content:"/files/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253370/; classtype:trojan-activity;sid:84116470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253356)"; flow:established,from_client; content:"GET"; http_method; content:"/adapt/cabbage"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"javierlopez.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253356/; classtype:trojan-activity;sid:84116456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253354)"; flow:established,from_client; content:"GET"; http_method; content:"/adapt/kingdom"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"javierlopez.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253354/; classtype:trojan-activity;sid:84116454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.249.236.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253057/; classtype:trojan-activity;sid:84116157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252988)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.127.125.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252988/; classtype:trojan-activity;sid:84116088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252991)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.100.63.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252991/; classtype:trojan-activity;sid:84116091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252995)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.36.111.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252995/; classtype:trojan-activity;sid:84116095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252979)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.108.112.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252979/; classtype:trojan-activity;sid:84116079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252975)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.14.104.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252975/; classtype:trojan-activity;sid:84116075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252968)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"112.74.184.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252968/; classtype:trojan-activity;sid:84116068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252970)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.210.236.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252970/; classtype:trojan-activity;sid:84116070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252966)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.54.46.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252966/; classtype:trojan-activity;sid:84116066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252967)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.54.46.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252967/; classtype:trojan-activity;sid:84116067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.120.230.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252685/; classtype:trojan-activity;sid:84115785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252649)"; flow:established,from_client; content:"GET"; http_method; content:"/api/xbot64.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252649/; classtype:trojan-activity;sid:84115749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252650)"; flow:established,from_client; content:"GET"; http_method; content:"/api/xstealer.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252650/; classtype:trojan-activity;sid:84115750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252648)"; flow:established,from_client; content:"GET"; http_method; content:"/api/xloader.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252648/; classtype:trojan-activity;sid:84115748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252637)"; flow:established,from_client; content:"GET"; http_method; content:"/razidvb/myfiles/refs/heads/main/loader.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252637/; classtype:trojan-activity;sid:84115737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252639)"; flow:established,from_client; content:"GET"; http_method; content:"/zefordk/ikeya/refs/heads/main/shellcodeany.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252639/; classtype:trojan-activity;sid:84115739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252632)"; flow:established,from_client; content:"GET"; http_method; content:"/zefordk/ikeya/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252632/; classtype:trojan-activity;sid:84115732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252634)"; flow:established,from_client; content:"GET"; http_method; content:"/razidvb/myfiles/raw/refs/heads/main/loader.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252634/; classtype:trojan-activity;sid:84115734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252630)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252630/; classtype:trojan-activity;sid:84115730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252592)"; flow:established,from_client; content:"GET"; http_method; content:"/igoralaf/creds/main/marsel.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252592/; classtype:trojan-activity;sid:84115692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252581)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.235.37.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252581/; classtype:trojan-activity;sid:84115681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252582)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.235.37.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252582/; classtype:trojan-activity;sid:84115682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252488)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/refs/heads/main/mipsel"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252488/; classtype:trojan-activity;sid:84115588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252485)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/refs/heads/main/mips"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252485/; classtype:trojan-activity;sid:84115585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252486)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/refs/heads/main/armv7l"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252486/; classtype:trojan-activity;sid:84115586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252487)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/refs/heads/main/animma.sh"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252487/; classtype:trojan-activity;sid:84115587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.87.112.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252211/; classtype:trojan-activity;sid:84115311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.87.112.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252200/; classtype:trojan-activity;sid:84115300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251726)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.113.56.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251726/; classtype:trojan-activity;sid:84114826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251535/; classtype:trojan-activity;sid:84114635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251523)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.115.213.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251523/; classtype:trojan-activity;sid:84114623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251037)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/v"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251037/; classtype:trojan-activity;sid:84114137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251025)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251025/; classtype:trojan-activity;sid:84114125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251026)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/bjcaj8aorkdqbsqqyrda.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251026/; classtype:trojan-activity;sid:84114126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251027)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251027/; classtype:trojan-activity;sid:84114127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251028)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/v"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251028/; classtype:trojan-activity;sid:84114128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251029)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/yntfjbwnfbowg4ulufdq.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251029/; classtype:trojan-activity;sid:84114129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251030)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251030/; classtype:trojan-activity;sid:84114130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251031)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/wgznfv2hoqz7kuuj2w9v.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251031/; classtype:trojan-activity;sid:84114131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251032)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251032/; classtype:trojan-activity;sid:84114132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251033)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251033/; classtype:trojan-activity;sid:84114133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251034)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251034/; classtype:trojan-activity;sid:84114134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251035)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/b9uoaokmpdan1gmmrxuo.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251035/; classtype:trojan-activity;sid:84114135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250773)"; flow:established,from_client; content:"GET"; http_method; content:"/off/def.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250773/; classtype:trojan-activity;sid:84113873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250235)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250235/; classtype:trojan-activity;sid:84113335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250181)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12mwqecdk8xb_x0qopbapea6uxwalxo8b"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250181/; classtype:trojan-activity;sid:84113281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250050)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_93.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sirault.be"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250050/; classtype:trojan-activity;sid:84113150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249858)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/theh4uq3nf0rszgpsynf.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249858/; classtype:trojan-activity;sid:84112958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.69.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249830/; classtype:trojan-activity;sid:84112930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249757)"; flow:established,from_client; content:"GET"; http_method; content:"/sys.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.95.214.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249757/; classtype:trojan-activity;sid:84112857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249755)"; flow:established,from_client; content:"GET"; http_method; content:"/langla.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.77.173.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249755/; classtype:trojan-activity;sid:84112855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249746/; classtype:trojan-activity;sid:84112846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249739)"; flow:established,from_client; content:"GET"; http_method; content:"/img_up/shop_pds/nicehana/client.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"www.xn--on3b15m2lco2u.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249739/; classtype:trojan-activity;sid:84112839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249735)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249735/; classtype:trojan-activity;sid:84112835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249732)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-data/hexabot%20-gambl%c4%b0ngv2.0.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"bangla-love-sms.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249732/; classtype:trojan-activity;sid:84112832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249698)"; flow:established,from_client; content:"GET"; http_method; content:"/igoralaf/creds/raw/main/marsel.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249698/; classtype:trojan-activity;sid:84112798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249679)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/main/client-built.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249679/; classtype:trojan-activity;sid:84112779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249675)"; flow:established,from_client; content:"GET"; http_method; content:"/quasar/quasar/releases/download/v1.4.1/quasar.v1.4.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249675/; classtype:trojan-activity;sid:84112775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249673)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/raw/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249673/; classtype:trojan-activity;sid:84112773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249674)"; flow:established,from_client; content:"GET"; http_method; content:"/samllea1/gorebox-modmenu/raw/refs/heads/main/gorebox%20modmenu%201.2.0.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249674/; classtype:trojan-activity;sid:84112774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249671)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/raw/refs/heads/main/2klz.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249671/; classtype:trojan-activity;sid:84112771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249669)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/neverlose-loader/raw/refs/heads/main/neverlose%20loader.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249669/; classtype:trojan-activity;sid:84112769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249667)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249667/; classtype:trojan-activity;sid:84112767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249662)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/refs/heads/master/rat/njrat.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249662/; classtype:trojan-activity;sid:84112762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249656)"; flow:established,from_client; content:"GET"; http_method; content:"/alnyak/test/raw/main/testingg.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249656/; classtype:trojan-activity;sid:84112756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249600)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=4e6f63f4c3c86180%21112|7c|26|7c|authkey=!aji85fsyq6pgubw"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249600/; classtype:trojan-activity;sid:84112700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249388)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/asrt/s1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249388/; classtype:trojan-activity;sid:84112488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.203.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249215/; classtype:trojan-activity;sid:84112315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248725)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.136.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248725/; classtype:trojan-activity;sid:84111825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248723)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.136.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248723/; classtype:trojan-activity;sid:84111823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248724)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.136.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248724/; classtype:trojan-activity;sid:84111824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248722)"; flow:established,from_client; content:"GET"; http_method; content:"/x/pty"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.136.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248722/; classtype:trojan-activity;sid:84111822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248721)"; flow:established,from_client; content:"GET"; http_method; content:"/pay.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"floodernetwork111.accesscam.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248721/; classtype:trojan-activity;sid:84111821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248720)"; flow:established,from_client; content:"GET"; http_method; content:"/x/1sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.136.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248720/; classtype:trojan-activity;sid:84111820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.120.230.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248582/; classtype:trojan-activity;sid:84111682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248031)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.235.37.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248031/; classtype:trojan-activity;sid:84111131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248023)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.235.37.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248023/; classtype:trojan-activity;sid:84111123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248024)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.235.37.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248024/; classtype:trojan-activity;sid:84111124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248025)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.235.37.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248025/; classtype:trojan-activity;sid:84111125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248026)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.235.37.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248026/; classtype:trojan-activity;sid:84111126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248027)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.235.37.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248027/; classtype:trojan-activity;sid:84111127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248028)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.235.37.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248028/; classtype:trojan-activity;sid:84111128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248020)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.235.37.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248020/; classtype:trojan-activity;sid:84111120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247928)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.235.37.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247928/; classtype:trojan-activity;sid:84111028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.220.249.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247660/; classtype:trojan-activity;sid:84110760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247570)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.132.166.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247570/; classtype:trojan-activity;sid:84110670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247566/; classtype:trojan-activity;sid:84110666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247417)"; flow:established,from_client; content:"GET"; http_method; content:"/xx86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247417/; classtype:trojan-activity;sid:84110517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247416)"; flow:established,from_client; content:"GET"; http_method; content:"/xmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247416/; classtype:trojan-activity;sid:84110516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247410)"; flow:established,from_client; content:"GET"; http_method; content:"/xx86_64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247410/; classtype:trojan-activity;sid:84110510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247411)"; flow:established,from_client; content:"GET"; http_method; content:"/iarm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247411/; classtype:trojan-activity;sid:84110511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247412)"; flow:established,from_client; content:"GET"; http_method; content:"/xmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247412/; classtype:trojan-activity;sid:84110512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247414)"; flow:established,from_client; content:"GET"; http_method; content:"/xarm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247414/; classtype:trojan-activity;sid:84110514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247373)"; flow:established,from_client; content:"GET"; http_method; content:"/iosyu01/okdash/raw/main/assets/eblagh.apk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247373/; classtype:trojan-activity;sid:84110473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.215.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247272/; classtype:trojan-activity;sid:84110372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.215.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247258/; classtype:trojan-activity;sid:84110358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247149)"; flow:established,from_client; content:"GET"; http_method; content:"/earm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247149/; classtype:trojan-activity;sid:84110249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247150)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247150/; classtype:trojan-activity;sid:84110250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.106.74.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3246878/; classtype:trojan-activity;sid:84109978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.45.19.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3246790/; classtype:trojan-activity;sid:84109890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246076)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"134.122.176.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246076/; classtype:trojan-activity;sid:84109176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246062)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.54.46.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246062/; classtype:trojan-activity;sid:84109162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246057)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.37.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246057/; classtype:trojan-activity;sid:84109157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246026)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246026/; classtype:trojan-activity;sid:84109126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246025)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246025/; classtype:trojan-activity;sid:84109125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246023)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.143.1.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246023/; classtype:trojan-activity;sid:84109123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246024)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.143.1.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246024/; classtype:trojan-activity;sid:84109124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246021)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246021/; classtype:trojan-activity;sid:84109121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246022)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.143.1.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246022/; classtype:trojan-activity;sid:84109122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246018)"; flow:established,from_client; content:"GET"; http_method; content:"/mestalic/site/refs/heads/main/file.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246018/; classtype:trojan-activity;sid:84109118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245772)"; flow:established,from_client; content:"GET"; http_method; content:"/sample.hta"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245772/; classtype:trojan-activity;sid:84108872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245755)"; flow:established,from_client; content:"GET"; http_method; content:"/kuwaitsetuphockey.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245755/; classtype:trojan-activity;sid:84108855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245756)"; flow:established,from_client; content:"GET"; http_method; content:"/officialsevaluationold.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245756/; classtype:trojan-activity;sid:84108856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245737)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.252.159.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245737/; classtype:trojan-activity;sid:84108837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245733)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.152.219.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245733/; classtype:trojan-activity;sid:84108833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245718)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.201.40.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245718/; classtype:trojan-activity;sid:84108818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245663)"; flow:established,from_client; content:"GET"; http_method; content:"/sample.doc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"116.48.102.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245663/; classtype:trojan-activity;sid:84108763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245661)"; flow:established,from_client; content:"GET"; http_method; content:"/payload2.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"116.48.102.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245661/; classtype:trojan-activity;sid:84108761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245646)"; flow:established,from_client; content:"GET"; http_method; content:"/payload"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"109.248.6.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245646/; classtype:trojan-activity;sid:84108746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245637)"; flow:established,from_client; content:"GET"; http_method; content:"/mpmgsvc.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"119.203.212.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245637/; classtype:trojan-activity;sid:84108737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245553)"; flow:established,from_client; content:"GET"; http_method; content:"/fotonview.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245553/; classtype:trojan-activity;sid:84108653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245551)"; flow:established,from_client; content:"GET"; http_method; content:"/cameracomponent.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245551/; classtype:trojan-activity;sid:84108651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245550)"; flow:established,from_client; content:"GET"; http_method; content:"/evaluation.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245550/; classtype:trojan-activity;sid:84108650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245480)"; flow:established,from_client; content:"GET"; http_method; content:"/luma/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245480/; classtype:trojan-activity;sid:84108580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245479)"; flow:established,from_client; content:"GET"; http_method; content:"/off/random.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245479/; classtype:trojan-activity;sid:84108579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245463)"; flow:established,from_client; content:"GET"; http_method; content:"/hs.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245463/; classtype:trojan-activity;sid:84108563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245459)"; flow:established,from_client; content:"GET"; http_method; content:"/kg.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245459/; classtype:trojan-activity;sid:84108559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245458)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245458/; classtype:trojan-activity;sid:84108558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245416)"; flow:established,from_client; content:"GET"; http_method; content:"/rrq.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"35.185.187.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245416/; classtype:trojan-activity;sid:84108516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.229.174.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245078/; classtype:trojan-activity;sid:84108178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245074/; classtype:trojan-activity;sid:84108174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243505)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/creal.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243505/; classtype:trojan-activity;sid:84106605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243502)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243502/; classtype:trojan-activity;sid:84106602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243499)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svchost.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243499/; classtype:trojan-activity;sid:84106599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243500)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/test.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243500/; classtype:trojan-activity;sid:84106600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243497)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qqq.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243497/; classtype:trojan-activity;sid:84106597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243489)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/soft.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243489/; classtype:trojan-activity;sid:84106589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243486)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/main.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243486/; classtype:trojan-activity;sid:84106586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243482)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/splwow64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243482/; classtype:trojan-activity;sid:84106582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243479)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kill.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243479/; classtype:trojan-activity;sid:84106579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243478)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dcratbuild.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243478/; classtype:trojan-activity;sid:84106578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243470)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winrar-x64-701.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243470/; classtype:trojan-activity;sid:84106570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243469)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/soft2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243469/; classtype:trojan-activity;sid:84106569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243464)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/edge.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243464/; classtype:trojan-activity;sid:84106564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243465)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/univ.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243465/; classtype:trojan-activity;sid:84106565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243459)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cvv.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243459/; classtype:trojan-activity;sid:84106559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243455)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/frap.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243455/; classtype:trojan-activity;sid:84106555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243456)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ovrflw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243456/; classtype:trojan-activity;sid:84106556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243452)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummnew.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243452/; classtype:trojan-activity;sid:84106552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243445)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xt.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243445/; classtype:trojan-activity;sid:84106545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243448)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxl.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243448/; classtype:trojan-activity;sid:84106548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243442)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/launcher.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243442/; classtype:trojan-activity;sid:84106542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243443)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cc2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243443/; classtype:trojan-activity;sid:84106543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243432)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hashed.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243432/; classtype:trojan-activity;sid:84106532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243431)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/probnik.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243431/; classtype:trojan-activity;sid:84106531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243421)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/googleupdate.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243421/; classtype:trojan-activity;sid:84106521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243412)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winx86.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243412/; classtype:trojan-activity;sid:84106512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243407)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ewrvuh.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243407/; classtype:trojan-activity;sid:84106507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243406)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/major.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243406/; classtype:trojan-activity;sid:84106506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243400)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243400/; classtype:trojan-activity;sid:84106500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243393)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/out.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243393/; classtype:trojan-activity;sid:84106493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243388)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cccc2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243388/; classtype:trojan-activity;sid:84106488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243387)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/divinedialogue.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243387/; classtype:trojan-activity;sid:84106487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243383)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cvimelugfq.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243383/; classtype:trojan-activity;sid:84106483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243379)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/file.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243379/; classtype:trojan-activity;sid:84106479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243375)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/12.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243375/; classtype:trojan-activity;sid:84106475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243369)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zzz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243369/; classtype:trojan-activity;sid:84106469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243364)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/diff.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243364/; classtype:trojan-activity;sid:84106464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243358)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dos.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243358/; classtype:trojan-activity;sid:84106458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243351)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newfile.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243351/; classtype:trojan-activity;sid:84106451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243354)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/noll.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243354/; classtype:trojan-activity;sid:84106454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243347)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/shopfree.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243347/; classtype:trojan-activity;sid:84106447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243337)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newbundle.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243337/; classtype:trojan-activity;sid:84106437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243335)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vidar.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243335/; classtype:trojan-activity;sid:84106435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243328)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mk.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243328/; classtype:trojan-activity;sid:84106428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243325)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/neonn.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243325/; classtype:trojan-activity;sid:84106425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243322)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/legas.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243322/; classtype:trojan-activity;sid:84106422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243317)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/prem1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243317/; classtype:trojan-activity;sid:84106417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243313)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/controlledaccesspoint.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243313/; classtype:trojan-activity;sid:84106413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243310)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/processclass.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243310/; classtype:trojan-activity;sid:84106410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243307)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/completestudio.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243307/; classtype:trojan-activity;sid:84106407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243309)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vidsusername.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243309/; classtype:trojan-activity;sid:84106409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243306)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/neon.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243306/; classtype:trojan-activity;sid:84106406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243302)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/loader_5879465914.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243302/; classtype:trojan-activity;sid:84106402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243298)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/onlysteal.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243298/; classtype:trojan-activity;sid:84106398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243290)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/softina.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243290/; classtype:trojan-activity;sid:84106390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243289)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ubi-inst.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243289/; classtype:trojan-activity;sid:84106389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243283)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/singerjudy.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243283/; classtype:trojan-activity;sid:84106383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243284)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xm.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243284/; classtype:trojan-activity;sid:84106384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243285)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/def.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243285/; classtype:trojan-activity;sid:84106385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243278)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ai2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243278/; classtype:trojan-activity;sid:84106378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243274)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/exclude.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243274/; classtype:trojan-activity;sid:84106374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243276)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kiyan.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243276/; classtype:trojan-activity;sid:84106376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243273)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/windowsexecutable.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243273/; classtype:trojan-activity;sid:84106373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243272)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/torque.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243272/; classtype:trojan-activity;sid:84106372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243271)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/taskhost.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243271/; classtype:trojan-activity;sid:84106371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243138)"; flow:established,from_client; content:"GET"; http_method; content:"/down/jgevbkn6di30"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"222.187.223.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243138/; classtype:trojan-activity;sid:84106238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243135)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/filekey.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243135/; classtype:trojan-activity;sid:84106235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243134)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/file3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243134/; classtype:trojan-activity;sid:84106234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243133)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/injek3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243133/; classtype:trojan-activity;sid:84106233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243121)"; flow:established,from_client; content:"GET"; http_method; content:"/js/s.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"112.217.207.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243121/; classtype:trojan-activity;sid:84106221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243114)"; flow:established,from_client; content:"GET"; http_method; content:"/api/bot.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243114/; classtype:trojan-activity;sid:84106214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243089)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xmrig.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"220.149.212.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243089/; classtype:trojan-activity;sid:84106189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243086)"; flow:established,from_client; content:"GET"; http_method; content:"/update/data/update.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"114.55.106.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243086/; classtype:trojan-activity;sid:84106186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243085)"; flow:established,from_client; content:"GET"; http_method; content:"/up/shensu/shensu_dingdan.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"2882.tpddns.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243085/; classtype:trojan-activity;sid:84106185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243081)"; flow:established,from_client; content:"GET"; http_method; content:"/download/update.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"110.40.51.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243081/; classtype:trojan-activity;sid:84106181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243082)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0624.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243082/; classtype:trojan-activity;sid:84106182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243079)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/update.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243079/; classtype:trojan-activity;sid:84106179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243077)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0703.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243077/; classtype:trojan-activity;sid:84106177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243075)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/temp/_rels/key.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pb.agnt.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243075/; classtype:trojan-activity;sid:84106175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243038)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/glp_installer_900223086_market.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243038/; classtype:trojan-activity;sid:84106138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243035)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/no.pdf"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243035/; classtype:trojan-activity;sid:84106135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243036)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/1.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243036/; classtype:trojan-activity;sid:84106136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243037)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/client.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243037/; classtype:trojan-activity;sid:84106137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243028)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/discord.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243028/; classtype:trojan-activity;sid:84106128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243029)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/work.bat"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243029/; classtype:trojan-activity;sid:84106129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243030)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/client.pdf"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243030/; classtype:trojan-activity;sid:84106130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243031)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/client.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243031/; classtype:trojan-activity;sid:84106131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243032)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/fud.bat"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243032/; classtype:trojan-activity;sid:84106132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243033)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/mario.bat"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243033/; classtype:trojan-activity;sid:84106133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242983)"; flow:established,from_client; content:"GET"; http_method; content:"/flowseal/zapret-discord-youtube/releases/download/1.1.1/zapret-discord-youtube-1.1.1.rar"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242983/; classtype:trojan-activity;sid:84106083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.151.133.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242916/; classtype:trojan-activity;sid:84106016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.151.133.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242903/; classtype:trojan-activity;sid:84106003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242853)"; flow:established,from_client; content:"GET"; http_method; content:"/get/rtsyboyqu8/aa.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242853/; classtype:trojan-activity;sid:84105953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242854)"; flow:established,from_client; content:"GET"; http_method; content:"/get/tvisnldnvi/ardara.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242854/; classtype:trojan-activity;sid:84105954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242852)"; flow:established,from_client; content:"GET"; http_method; content:"/get/xtfglcmk2k/windowshost.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242852/; classtype:trojan-activity;sid:84105952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242851)"; flow:established,from_client; content:"GET"; http_method; content:"/get/mzocixkcrs/ee.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242851/; classtype:trojan-activity;sid:84105951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242850)"; flow:established,from_client; content:"GET"; http_method; content:"/get/840cpxujvq/w.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242850/; classtype:trojan-activity;sid:84105950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242849)"; flow:established,from_client; content:"GET"; http_method; content:"/x.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242849/; classtype:trojan-activity;sid:84105949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242663)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack0832.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242663/; classtype:trojan-activity;sid:84105763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242649)"; flow:established,from_client; content:"GET"; http_method; content:"/js/file.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"osecweb.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242649/; classtype:trojan-activity;sid:84105749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242642)"; flow:established,from_client; content:"GET"; http_method; content:"/rishabhkumardeveloper/malware_analysis_using_ml/main/wildfire-test-pe-file.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242642/; classtype:trojan-activity;sid:84105742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242595)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/octus.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242595/; classtype:trojan-activity;sid:84105695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242594)"; flow:established,from_client; content:"GET"; http_method; content:"/sniffthem.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242594/; classtype:trojan-activity;sid:84105694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242590)"; flow:established,from_client; content:"GET"; http_method; content:"/t9bdjzsl2/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242590/; classtype:trojan-activity;sid:84105690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242591)"; flow:established,from_client; content:"GET"; http_method; content:"/t9bdjzsl2/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242591/; classtype:trojan-activity;sid:84105691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242592)"; flow:established,from_client; content:"GET"; http_method; content:"/t9bdjzsl2/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242592/; classtype:trojan-activity;sid:84105692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242586)"; flow:established,from_client; content:"GET"; http_method; content:"/x.zip"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242586/; classtype:trojan-activity;sid:84105686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242379)"; flow:established,from_client; content:"GET"; http_method; content:"/s/g7qeilrosjgjeoz/download"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"i0001.clarodrive.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242379/; classtype:trojan-activity;sid:84105479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241765)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/main/tweaks.7z"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241765/; classtype:trojan-activity;sid:84104865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241756)"; flow:established,from_client; content:"GET"; http_method; content:"/intergate0/none/main/main.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241756/; classtype:trojan-activity;sid:84104856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241754)"; flow:established,from_client; content:"GET"; http_method; content:"/wbrswbrn/awew45/refs/heads/main/nurik.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241754/; classtype:trojan-activity;sid:84104854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241752)"; flow:established,from_client; content:"GET"; http_method; content:"/kntjspr/licensebytes/refs/heads/main/licensemalwarebytes.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241752/; classtype:trojan-activity;sid:84104852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241646)"; flow:established,from_client; content:"GET"; http_method; content:"/mhemon404/project01/main/system404.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241646/; classtype:trojan-activity;sid:84104746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241643)"; flow:established,from_client; content:"GET"; http_method; content:"/aavaahanan121/tools/main/fern_wifi_recon%252.34.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241643/; classtype:trojan-activity;sid:84104743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241644)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/refs/heads/main/connector1.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241644/; classtype:trojan-activity;sid:84104744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241645)"; flow:established,from_client; content:"GET"; http_method; content:"/ozcanpng/backd00r/main/backd00rhome.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241645/; classtype:trojan-activity;sid:84104745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241637)"; flow:established,from_client; content:"GET"; http_method; content:"/s107000665/c1/master/1223.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241637/; classtype:trojan-activity;sid:84104737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241638)"; flow:established,from_client; content:"GET"; http_method; content:"/iciamyplant/ctf/master/plantrojan.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241638/; classtype:trojan-activity;sid:84104738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241639)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/main/shellcode.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241639/; classtype:trojan-activity;sid:84104739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241640)"; flow:established,from_client; content:"GET"; http_method; content:"/killbillpribil/world-of-tanks/master/world%20of%20tanks.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241640/; classtype:trojan-activity;sid:84104740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241641)"; flow:established,from_client; content:"GET"; http_method; content:"/mach1el/htb-scripts/master/exploit-fuse/shell.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241641/; classtype:trojan-activity;sid:84104741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241642)"; flow:established,from_client; content:"GET"; http_method; content:"/khr0x40sh/whitelistevasion/master/installutil/script.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241642/; classtype:trojan-activity;sid:84104742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241636)"; flow:established,from_client; content:"GET"; http_method; content:"/award.pdf.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"alien-training.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241636/; classtype:trojan-activity;sid:84104736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241635)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"qiniuyunxz.yxflzs.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241635/; classtype:trojan-activity;sid:84104735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241614)"; flow:established,from_client; content:"GET"; http_method; content:"/hgdhgfh/gfdsgfdsgfdgfsdg.txt"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"valseg.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241614/; classtype:trojan-activity;sid:84104714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241613)"; flow:established,from_client; content:"GET"; http_method; content:"/hgdhgfh/tetete.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"valseg.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241613/; classtype:trojan-activity;sid:84104713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241589)"; flow:established,from_client; content:"GET"; http_method; content:"/onlinematrimonial/shell.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.117.156.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241589/; classtype:trojan-activity;sid:84104689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241584)"; flow:established,from_client; content:"GET"; http_method; content:"/meteran.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"35.185.187.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241584/; classtype:trojan-activity;sid:84104684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241563)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241563/; classtype:trojan-activity;sid:84104663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241559)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/donut.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241559/; classtype:trojan-activity;sid:84104659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241558)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"huyanhnongdo.io.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241558/; classtype:trojan-activity;sid:84104658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241555)"; flow:established,from_client; content:"GET"; http_method; content:"/hgdhgfh/payload.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"valseg.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241555/; classtype:trojan-activity;sid:84104655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241463)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2024-35250.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"101.200.223.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241463/; classtype:trojan-activity;sid:84104563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241404)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241404/; classtype:trojan-activity;sid:84104504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241397)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.159.148.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241397/; classtype:trojan-activity;sid:84104497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241401)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.122.74.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241401/; classtype:trojan-activity;sid:84104501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241382)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241382/; classtype:trojan-activity;sid:84104482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241387)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.55.100.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241387/; classtype:trojan-activity;sid:84104487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241378)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.238.103.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241378/; classtype:trojan-activity;sid:84104478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241372)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.96.140.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241372/; classtype:trojan-activity;sid:84104472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241367)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241367/; classtype:trojan-activity;sid:84104467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241349)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.71.18.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241349/; classtype:trojan-activity;sid:84104449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241354)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.71.18.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241354/; classtype:trojan-activity;sid:84104454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241357)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.37.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241357/; classtype:trojan-activity;sid:84104457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241358)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.25.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241358/; classtype:trojan-activity;sid:84104458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241331)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.200.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241331/; classtype:trojan-activity;sid:84104431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241320)"; flow:established,from_client; content:"GET"; http_method; content:"/.ds_store"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"140.192.101.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241320/; classtype:trojan-activity;sid:84104420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241291)"; flow:established,from_client; content:"GET"; http_method; content:"/key.pem"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241291/; classtype:trojan-activity;sid:84104391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241129)"; flow:established,from_client; content:"GET"; http_method; content:"/rvg-nikeisfake0/files/main/rat.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241129/; classtype:trojan-activity;sid:84104229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241127)"; flow:established,from_client; content:"GET"; http_method; content:"/justincoding3/slumfun/main/obfuscated.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241127/; classtype:trojan-activity;sid:84104227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241126)"; flow:established,from_client; content:"GET"; http_method; content:"/r00t-3xp10it/redpill/main/utils/compiled.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241126/; classtype:trojan-activity;sid:84104226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241125)"; flow:established,from_client; content:"GET"; http_method; content:"/secwiki/windows-kernel-exploits/master/ms14-068/ms14-068.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241125/; classtype:trojan-activity;sid:84104225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241124)"; flow:established,from_client; content:"GET"; http_method; content:"/python312/rick-roller/refs/heads/main/main.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241124/; classtype:trojan-activity;sid:84104224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241123)"; flow:established,from_client; content:"GET"; http_method; content:"/prowindows365/hailhydra/refs/heads/main/hailhydra.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241123/; classtype:trojan-activity;sid:84104223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241079)"; flow:established,from_client; content:"GET"; http_method; content:"/mailclone2500/stealer/refs/heads/main/bot2.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241079/; classtype:trojan-activity;sid:84104179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241054)"; flow:established,from_client; content:"GET"; http_method; content:"/43a1723/test/releases/download/siu/stub.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241054/; classtype:trojan-activity;sid:84104154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241055)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241055/; classtype:trojan-activity;sid:84104155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241019)"; flow:established,from_client; content:"GET"; http_method; content:"/gosha1239/onetap/master/onetap.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241019/; classtype:trojan-activity;sid:84104119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241020)"; flow:established,from_client; content:"GET"; http_method; content:"/an0mat/azorult/refs/heads/master/builder.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241020/; classtype:trojan-activity;sid:84104120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241005)"; flow:established,from_client; content:"GET"; http_method; content:"/ricepudding0xl/discordnitrogenerator/main/discordnitrogenerator.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241005/; classtype:trojan-activity;sid:84104105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241004)"; flow:established,from_client; content:"GET"; http_method; content:"/ryan2159/stuff/main/discord.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241004/; classtype:trojan-activity;sid:84104104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241003)"; flow:established,from_client; content:"GET"; http_method; content:"/mrsatan11/mr.satan-ddos/refs/heads/main/mr.satan%20ddos/mr.satan%20ddos.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241003/; classtype:trojan-activity;sid:84104103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241002)"; flow:established,from_client; content:"GET"; http_method; content:"/mrsatan11/mr.satan-ddos/blob/main/mr.satan%20ddos/mr.satan%20ddos.exe|3f|raw=true"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241002/; classtype:trojan-activity;sid:84104102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241001)"; flow:established,from_client; content:"GET"; http_method; content:"/appelsappie123/discord-token-generator-1/refs/heads/main/token%20gen.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241001/; classtype:trojan-activity;sid:84104101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240999)"; flow:established,from_client; content:"GET"; http_method; content:"/sad-dust/death/main/stealinfo.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240999/; classtype:trojan-activity;sid:84104099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240998)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/main/discordspotifybypass.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240998/; classtype:trojan-activity;sid:84104098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240994)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/raw/main/discordspotifybypass.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240994/; classtype:trojan-activity;sid:84104094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240880)"; flow:established,from_client; content:"GET"; http_method; content:"//zx.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240880/; classtype:trojan-activity;sid:84103980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240819)"; flow:established,from_client; content:"GET"; http_method; content:"/redcanaryco/atomic-red-team/master/atomics/t1204.002/bin/test10.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240819/; classtype:trojan-activity;sid:84103919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240817)"; flow:established,from_client; content:"GET"; http_method; content:"/cuckoobox/cuckoo/archive/master.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240817/; classtype:trojan-activity;sid:84103917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240813)"; flow:established,from_client; content:"GET"; http_method; content:"/haxork8880/files/main/windowssync.txt.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240813/; classtype:trojan-activity;sid:84103913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240814)"; flow:established,from_client; content:"GET"; http_method; content:"/crjtpp/tpplab_public/main/poc-sample-lnk.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240814/; classtype:trojan-activity;sid:84103914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240812)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerx237/miner/main/my-files.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240812/; classtype:trojan-activity;sid:84103912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240811)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/releases/download/beta_v0.6/all.tweaker.beta.v0.6.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240811/; classtype:trojan-activity;sid:84103911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240810)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/raw/main/tweaks.7z"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240810/; classtype:trojan-activity;sid:84103910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240729)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xss-1253555722.cos.ap-singapore.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240729/; classtype:trojan-activity;sid:84103829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240720)"; flow:established,from_client; content:"GET"; http_method; content:"/dqwr1q23rwdfr/xxx/releases/download/xxx/vital.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240720/; classtype:trojan-activity;sid:84103820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240639)"; flow:established,from_client; content:"GET"; http_method; content:"/mohdjulaya09/code-sparrow-crypter-2.0-private-crack-leak/releases/download/%23crypter/codesparrow.crypter.2.0.crack.rar"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240639/; classtype:trojan-activity;sid:84103739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240563)"; flow:established,from_client; content:"GET"; http_method; content:"/2019/bkbvideos/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240563/; classtype:trojan-activity;sid:84103663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240564)"; flow:established,from_client; content:"GET"; http_method; content:"/2019/bkbvideos/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240564/; classtype:trojan-activity;sid:84103664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240565)"; flow:established,from_client; content:"GET"; http_method; content:"/2019/bkbvideos/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240565/; classtype:trojan-activity;sid:84103665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240429)"; flow:established,from_client; content:"GET"; http_method; content:"/%e9%ad%94%e6%99%b6.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"112.74.185.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240429/; classtype:trojan-activity;sid:84103529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240170)"; flow:established,from_client; content:"GET"; http_method; content:"/t9bdjzsl2/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240170/; classtype:trojan-activity;sid:84103270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240071)"; flow:established,from_client; content:"GET"; http_method; content:"/nuke.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3240071/; classtype:trojan-activity;sid:84103171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.35.225.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239980/; classtype:trojan-activity;sid:84103080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239841)"; flow:established,from_client; content:"GET"; http_method; content:"/reverse_ctl.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.236.122.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239841/; classtype:trojan-activity;sid:84102941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239811)"; flow:established,from_client; content:"GET"; http_method; content:"/api/bot64.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239811/; classtype:trojan-activity;sid:84102911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239812)"; flow:established,from_client; content:"GET"; http_method; content:"/ywx.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239812/; classtype:trojan-activity;sid:84102912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239810)"; flow:established,from_client; content:"GET"; http_method; content:"/geek.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.236.122.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239810/; classtype:trojan-activity;sid:84102910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239804)"; flow:established,from_client; content:"GET"; http_method; content:"/vizian123/msfvenomz/raw/main/reddit.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239804/; classtype:trojan-activity;sid:84102904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239806)"; flow:established,from_client; content:"GET"; http_method; content:"/fsx.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"120.25.157.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239806/; classtype:trojan-activity;sid:84102906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239801)"; flow:established,from_client; content:"GET"; http_method; content:"/qz1.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"120.25.157.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239801/; classtype:trojan-activity;sid:84102901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.106.74.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239740/; classtype:trojan-activity;sid:84102840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239707)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x64.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239707/; classtype:trojan-activity;sid:84102807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239678)"; flow:established,from_client; content:"GET"; http_method; content:"/enc.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.253.43.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239678/; classtype:trojan-activity;sid:84102778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239669)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_3.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239669/; classtype:trojan-activity;sid:84102769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239666)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_4.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239666/; classtype:trojan-activity;sid:84102766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239667)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_2.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239667/; classtype:trojan-activity;sid:84102767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239668)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_1.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239668/; classtype:trojan-activity;sid:84102768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239574)"; flow:established,from_client; content:"GET"; http_method; content:"/js/paste.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"112.217.207.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239574/; classtype:trojan-activity;sid:84102674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239323)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/multi"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239323/; classtype:trojan-activity;sid:84102423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239106)"; flow:established,from_client; content:"GET"; http_method; content:"/malicious.jar"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"122.51.52.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239106/; classtype:trojan-activity;sid:84102206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238658)"; flow:established,from_client; content:"GET"; http_method; content:"/eaklauncher/eaklauncher.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"147.50.240.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238658/; classtype:trojan-activity;sid:84101758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238593)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrp.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238593/; classtype:trojan-activity;sid:84101693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.45.19.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238563/; classtype:trojan-activity;sid:84101663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.45.19.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238543/; classtype:trojan-activity;sid:84101643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238540)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/onedrive.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238540/; classtype:trojan-activity;sid:84101640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238242)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/zip/refs/heads/main"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238242/; classtype:trojan-activity;sid:84101342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238230)"; flow:established,from_client; content:"GET"; http_method; content:"/dem7ktu/plugins/clip.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"amoamosss.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238230/; classtype:trojan-activity;sid:84101330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238238)"; flow:established,from_client; content:"GET"; http_method; content:"/h8s9k20gnb2/plugins/clip64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.11.61.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238238/; classtype:trojan-activity;sid:84101338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238226)"; flow:established,from_client; content:"GET"; http_method; content:"/h8s9k20gnb2/plugins/clip.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.11.61.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238226/; classtype:trojan-activity;sid:84101326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238220)"; flow:established,from_client; content:"GET"; http_method; content:"/dem7ktu/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"amoamosss.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238220/; classtype:trojan-activity;sid:84101320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238218)"; flow:established,from_client; content:"GET"; http_method; content:"/h8s9k20gnb2/plugins/cred.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.11.61.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238218/; classtype:trojan-activity;sid:84101318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238202)"; flow:established,from_client; content:"GET"; http_method; content:"/h8s9k20gnb2/plugins/cred64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.11.61.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238202/; classtype:trojan-activity;sid:84101302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238200)"; flow:established,from_client; content:"GET"; http_method; content:"/dem7ktu/plugins/cred64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"amoamosss.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238200/; classtype:trojan-activity;sid:84101300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238160)"; flow:established,from_client; content:"GET"; http_method; content:"/npc.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"39.105.31.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238160/; classtype:trojan-activity;sid:84101260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238159)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/tb/ewm.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"taodianla.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238159/; classtype:trojan-activity;sid:84101259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238155)"; flow:established,from_client; content:"GET"; http_method; content:"/cdb.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238155/; classtype:trojan-activity;sid:84101255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238124)"; flow:established,from_client; content:"GET"; http_method; content:"/d00mt3l/xworm-5.6/refs/heads/main/xworm%20v5.6.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238124/; classtype:trojan-activity;sid:84101224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238122)"; flow:established,from_client; content:"GET"; http_method; content:"/system.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.197.69.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238122/; classtype:trojan-activity;sid:84101222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238123)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/releases/download/v5.0/xworm.rar"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238123/; classtype:trojan-activity;sid:84101223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238111)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/js/info2r.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"188.81.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238111/; classtype:trojan-activity;sid:84101211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238109)"; flow:established,from_client; content:"GET"; http_method; content:"/ywds3/wealthserver.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"in-houselegal.ro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238109/; classtype:trojan-activity;sid:84101209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238108)"; flow:established,from_client; content:"GET"; http_method; content:"/ywds3/clients.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"in-houselegal.ro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238108/; classtype:trojan-activity;sid:84101208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238086)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/f3pe.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238086/; classtype:trojan-activity;sid:84101186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238082)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/erth/main/wenzcord.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238082/; classtype:trojan-activity;sid:84101182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238083)"; flow:established,from_client; content:"GET"; http_method; content:"/azurerex/napewnonievoiderhook/main/seksiak.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238083/; classtype:trojan-activity;sid:84101183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238084)"; flow:established,from_client; content:"GET"; http_method; content:"/python312/rusty-dropper/main/client-built.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238084/; classtype:trojan-activity;sid:84101184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238071)"; flow:established,from_client; content:"GET"; http_method; content:"/zusyaku/malware-collection-part-2/main/rat/njrat.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238071/; classtype:trojan-activity;sid:84101171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238073)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/main/fast%20download.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238073/; classtype:trojan-activity;sid:84101173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238074)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/test-rat-do-not-download-exe/refs/heads/main/discord.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238074/; classtype:trojan-activity;sid:84101174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238076)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/main/built.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238076/; classtype:trojan-activity;sid:84101176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238078)"; flow:established,from_client; content:"GET"; http_method; content:"/raz233/rgdgdrg/main/client.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238078/; classtype:trojan-activity;sid:84101178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238079)"; flow:established,from_client; content:"GET"; http_method; content:"/aspdasdksa2/callback/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238079/; classtype:trojan-activity;sid:84101179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238081)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/main/x.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238081/; classtype:trojan-activity;sid:84101181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238066)"; flow:established,from_client; content:"GET"; http_method; content:"/paketpk/trojan/main/njsilent.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238066/; classtype:trojan-activity;sid:84101166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238067)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/main/svhost.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238067/; classtype:trojan-activity;sid:84101167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238068)"; flow:established,from_client; content:"GET"; http_method; content:"/bublegumle/r32r32/master/server.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238068/; classtype:trojan-activity;sid:84101168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238069)"; flow:established,from_client; content:"GET"; http_method; content:"/monkey958/sdasd/main/856.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238069/; classtype:trojan-activity;sid:84101169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238070)"; flow:established,from_client; content:"GET"; http_method; content:"/proltop1/popka/master/svchost.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238070/; classtype:trojan-activity;sid:84101170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238064)"; flow:established,from_client; content:"GET"; http_method; content:"/fortnitebott/spfnll/main/spofrln.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238064/; classtype:trojan-activity;sid:84101164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238061)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/main/444.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238061/; classtype:trojan-activity;sid:84101161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238062)"; flow:established,from_client; content:"GET"; http_method; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/refs/heads/main/java32.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238062/; classtype:trojan-activity;sid:84101162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238063)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/main/discord.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238063/; classtype:trojan-activity;sid:84101163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238059)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/main/testme.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238059/; classtype:trojan-activity;sid:84101159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238058)"; flow:established,from_client; content:"GET"; http_method; content:"/sesafvr/ayo/refs/heads/main/client-built.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238058/; classtype:trojan-activity;sid:84101158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238056)"; flow:established,from_client; content:"GET"; http_method; content:"/impar0/tryyy/main/client.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238056/; classtype:trojan-activity;sid:84101156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238057)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/main/bloxflip%20predictor.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238057/; classtype:trojan-activity;sid:84101157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238055)"; flow:established,from_client; content:"GET"; http_method; content:"/visoxc/misterbombastic/main/don/driverhost.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238055/; classtype:trojan-activity;sid:84101155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238052)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptskiddy/remoteadmintool/master/trojan.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238052/; classtype:trojan-activity;sid:84101152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238054)"; flow:established,from_client; content:"GET"; http_method; content:"/pyxe1/sheesh/9e641bf9dd97a738f11f4b212603758cd9861f27/plswork.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238054/; classtype:trojan-activity;sid:84101154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238050)"; flow:established,from_client; content:"GET"; http_method; content:"/re9neyt/goodfrag-mh-counter-strike-global-offensive-/master/goodfrag.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238050/; classtype:trojan-activity;sid:84101150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238051)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatsan/fcuk/main/client.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238051/; classtype:trojan-activity;sid:84101151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238047)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/main/sentil.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238047/; classtype:trojan-activity;sid:84101147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238048)"; flow:established,from_client; content:"GET"; http_method; content:"/bublegumle/hyh/master/server.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238048/; classtype:trojan-activity;sid:84101148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238045)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/refs/heads/main/njrat.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238045/; classtype:trojan-activity;sid:84101145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238046)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/refs/heads/main/2klz.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238046/; classtype:trojan-activity;sid:84101146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238043)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/main/office.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238043/; classtype:trojan-activity;sid:84101143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238041)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/main/runtimebroker.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238041/; classtype:trojan-activity;sid:84101141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238035)"; flow:established,from_client; content:"GET"; http_method; content:"/stukit/svhoste/main/svhoste.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238035/; classtype:trojan-activity;sid:84101135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238037)"; flow:established,from_client; content:"GET"; http_method; content:"/fhebngndsg/thefunny/main/client-built.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238037/; classtype:trojan-activity;sid:84101137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238031)"; flow:established,from_client; content:"GET"; http_method; content:"/cupofteaa08/autominepermission/main/runtime%20broker.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238031/; classtype:trojan-activity;sid:84101131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238033)"; flow:established,from_client; content:"GET"; http_method; content:"/tiraundercode/rev/main/client-built.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238033/; classtype:trojan-activity;sid:84101133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238034)"; flow:established,from_client; content:"GET"; http_method; content:"/cmaster324-cell/su/main/client.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238034/; classtype:trojan-activity;sid:84101134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238027)"; flow:established,from_client; content:"GET"; http_method; content:"/lexazar63/minecraft-client/master/steamdetector.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238027/; classtype:trojan-activity;sid:84101127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238028)"; flow:established,from_client; content:"GET"; http_method; content:"/toxicxz/fnaf-1/main/fusca%20game.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238028/; classtype:trojan-activity;sid:84101128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238023)"; flow:established,from_client; content:"GET"; http_method; content:"/vdlosunbik/steam.upgreyd/master/steam.upgreyd.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238023/; classtype:trojan-activity;sid:84101123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238024)"; flow:established,from_client; content:"GET"; http_method; content:"/bormasina/test/main/defender64.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238024/; classtype:trojan-activity;sid:84101124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238025)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/main/amogus.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238025/; classtype:trojan-activity;sid:84101125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238021)"; flow:established,from_client; content:"GET"; http_method; content:"/anonam0369/1/main/discord.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238021/; classtype:trojan-activity;sid:84101121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238022)"; flow:established,from_client; content:"GET"; http_method; content:"/krevedko3221/porno/main/mos%20ssssttttt.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238022/; classtype:trojan-activity;sid:84101122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238018)"; flow:established,from_client; content:"GET"; http_method; content:"/gleb221/paki/master/%d0%9f%d0%b0%d0%ba%d0%b8.rar"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238018/; classtype:trojan-activity;sid:84101118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238019)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/spectrum/main/spectrum.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238019/; classtype:trojan-activity;sid:84101119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238015)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/discord/refs/heads/main/discord.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238015/; classtype:trojan-activity;sid:84101115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238016)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/main/lastest.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238016/; classtype:trojan-activity;sid:84101116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238014)"; flow:established,from_client; content:"GET"; http_method; content:"/pyxe1/sheesh/04f111bc997c01dc4aa6ab035dcb5ff877fc5bbf/client-built.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238014/; classtype:trojan-activity;sid:84101114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238013)"; flow:established,from_client; content:"GET"; http_method; content:"/vampirvikariy/clientn2/master/intro.avi.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238013/; classtype:trojan-activity;sid:84101113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238012)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/main/njrat.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238012/; classtype:trojan-activity;sid:84101112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238011)"; flow:established,from_client; content:"GET"; http_method; content:"/alnyak/test/main/testingg.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238011/; classtype:trojan-activity;sid:84101111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238008)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/neverlose-loader/refs/heads/main/neverlose%20loader.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238008/; classtype:trojan-activity;sid:84101108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238009)"; flow:established,from_client; content:"GET"; http_method; content:"/supfrezze/jtebez/master/dayum.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238009/; classtype:trojan-activity;sid:84101109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238010)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/main/server1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238010/; classtype:trojan-activity;sid:84101110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238006)"; flow:established,from_client; content:"GET"; http_method; content:"/nxrecxxil/syndicate/main/main.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238006/; classtype:trojan-activity;sid:84101106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237999)"; flow:established,from_client; content:"GET"; http_method; content:"/biseo0/neue/raw/main/client-built.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237999/; classtype:trojan-activity;sid:84101099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237993)"; flow:established,from_client; content:"GET"; http_method; content:"/aspdasdksa2/callback/raw/main/client-built.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237993/; classtype:trojan-activity;sid:84101093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237975)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/blob/master/rat/njrat.exe|3f|raw=true"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237975/; classtype:trojan-activity;sid:84101075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237976)"; flow:established,from_client; content:"GET"; http_method; content:"/5556.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.212.158.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237976/; classtype:trojan-activity;sid:84101076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237956)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/umbral-stealer/zip/refs/heads/main"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237956/; classtype:trojan-activity;sid:84101056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237955)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blank-grabber/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237955/; classtype:trojan-activity;sid:84101055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237954)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blankobf/zip/refs/heads/v2"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237954/; classtype:trojan-activity;sid:84101054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237918)"; flow:established,from_client; content:"GET"; http_method; content:"/soporte%5csoporteperfect.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"perfectperu.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237918/; classtype:trojan-activity;sid:84101018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237916)"; flow:established,from_client; content:"GET"; http_method; content:"/descargas/ammyy.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"soportegira.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237916/; classtype:trojan-activity;sid:84101016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237910)"; flow:established,from_client; content:"GET"; http_method; content:"/1111111/aa_v3.5.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"180.150.240.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237910/; classtype:trojan-activity;sid:84101010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237911)"; flow:established,from_client; content:"GET"; http_method; content:"/ammyadmin.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"arcloud.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237911/; classtype:trojan-activity;sid:84101011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237909)"; flow:established,from_client; content:"GET"; http_method; content:"/aa_v3.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"artemka.spb.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237909/; classtype:trojan-activity;sid:84101009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237895)"; flow:established,from_client; content:"GET"; http_method; content:"/files/ext/aa_v3.5.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.draconian.co.za"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237895/; classtype:trojan-activity;sid:84100995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237898)"; flow:established,from_client; content:"GET"; http_method; content:"/aa_v3.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"arcsystem.rodopibg.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237898/; classtype:trojan-activity;sid:84100998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237889)"; flow:established,from_client; content:"GET"; http_method; content:"/activia/aa_v3.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sfa.com.ar"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237889/; classtype:trojan-activity;sid:84100989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237893)"; flow:established,from_client; content:"GET"; http_method; content:"/programs/aa_v3.5.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"monastery.mlnk.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237893/; classtype:trojan-activity;sid:84100993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237880)"; flow:established,from_client; content:"GET"; http_method; content:"/aa_v3.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.130.39.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237880/; classtype:trojan-activity;sid:84100980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237876)"; flow:established,from_client; content:"GET"; http_method; content:"/aa_v3.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.175.186.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237876/; classtype:trojan-activity;sid:84100976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237877)"; flow:established,from_client; content:"GET"; http_method; content:"/download/aa_v3.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.netsolution.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237877/; classtype:trojan-activity;sid:84100977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237861)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/zip/refs/heads/main"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237861/; classtype:trojan-activity;sid:84100961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237859)"; flow:established,from_client; content:"GET"; http_method; content:"/spc0cps/s1/zip/refs/heads/main"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237859/; classtype:trojan-activity;sid:84100959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237856)"; flow:established,from_client; content:"GET"; http_method; content:"/mariolalo/myrec/main/notallowedtocrypt.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237856/; classtype:trojan-activity;sid:84100956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237855)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/main/evetbeta.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237855/; classtype:trojan-activity;sid:84100955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237823)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/exe/main/solara_protect.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237823/; classtype:trojan-activity;sid:84100923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237810)"; flow:established,from_client; content:"GET"; http_method; content:"/steve824/a/zip/refs/heads/main"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237810/; classtype:trojan-activity;sid:84100910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237807)"; flow:established,from_client; content:"GET"; http_method; content:"/orospuccocugu/aaaaaa/main/anne.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237807/; classtype:trojan-activity;sid:84100907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237806)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/main/discord2.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237806/; classtype:trojan-activity;sid:84100906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237794)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/main/discord.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237794/; classtype:trojan-activity;sid:84100894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237795)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/daww/main/loader.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237795/; classtype:trojan-activity;sid:84100895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237796)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/main/asyncclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237796/; classtype:trojan-activity;sid:84100896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237797)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/main/discord3.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237797/; classtype:trojan-activity;sid:84100897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237798)"; flow:established,from_client; content:"GET"; http_method; content:"/jackedmicheal/ccenty/main/crspoofer.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237798/; classtype:trojan-activity;sid:84100898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237799)"; flow:established,from_client; content:"GET"; http_method; content:"/ducminh23/ddosv1/main/ddosziller.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237799/; classtype:trojan-activity;sid:84100899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237800)"; flow:established,from_client; content:"GET"; http_method; content:"/h4ck3dv0d4/terminal-test/main/terminal_9235.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237800/; classtype:trojan-activity;sid:84100900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237801)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/main/asyncclient.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237801/; classtype:trojan-activity;sid:84100901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237802)"; flow:established,from_client; content:"GET"; http_method; content:"/enonek/csdafewafaw/main/beamng.ui.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237802/; classtype:trojan-activity;sid:84100902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237803)"; flow:established,from_client; content:"GET"; http_method; content:"/krishnatherock9673/krishna22/main/krishna33.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237803/; classtype:trojan-activity;sid:84100903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237804)"; flow:established,from_client; content:"GET"; http_method; content:"/dadeiu/codedpython4/main/python%203.10.10.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237804/; classtype:trojan-activity;sid:84100904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237793)"; flow:established,from_client; content:"GET"; http_method; content:"/langla.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ser.nrovn.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237793/; classtype:trojan-activity;sid:84100893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237792)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/main/asyncclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237792/; classtype:trojan-activity;sid:84100892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237780)"; flow:established,from_client; content:"GET"; http_method; content:"/test/num.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237780/; classtype:trojan-activity;sid:84100880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237738)"; flow:established,from_client; content:"GET"; http_method; content:"/ad8386/ad83868386/zip/refs/heads/main"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237738/; classtype:trojan-activity;sid:84100838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237734)"; flow:established,from_client; content:"GET"; http_method; content:"/ad8386/gs8868/zip/refs/heads/main"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237734/; classtype:trojan-activity;sid:84100834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237735)"; flow:established,from_client; content:"GET"; http_method; content:"/ad8386/dt68/zip/refs/heads/main"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237735/; classtype:trojan-activity;sid:84100835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237478)"; flow:established,from_client; content:"GET"; http_method; content:"/earc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237478/; classtype:trojan-activity;sid:84100578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237480)"; flow:established,from_client; content:"GET"; http_method; content:"/ex86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237480/; classtype:trojan-activity;sid:84100580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237464)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_3ozdjl5puad8qn3tipydynn5j7l13el"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237464/; classtype:trojan-activity;sid:84100564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237461)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ai2_gwd-32v1ihs6akmqp1sw23zi2gdn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237461/; classtype:trojan-activity;sid:84100561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237458)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1soxumxee6rx3wzurgdmdfakfdmohvsoj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237458/; classtype:trojan-activity;sid:84100558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237443)"; flow:established,from_client; content:"GET"; http_method; content:"/new.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237443/; classtype:trojan-activity;sid:84100543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237385)"; flow:established,from_client; content:"GET"; http_method; content:"/log.out"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"47.103.44.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237385/; classtype:trojan-activity;sid:84100485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236640)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"60.166.36.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236640/; classtype:trojan-activity;sid:84099740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236597)"; flow:established,from_client; content:"GET"; http_method; content:"/center.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236597/; classtype:trojan-activity;sid:84099697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236587)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"153.37.77.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236587/; classtype:trojan-activity;sid:84099687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236559)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.136.142.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236559/; classtype:trojan-activity;sid:84099659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236485)"; flow:established,from_client; content:"GET"; http_method; content:"/never.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236485/; classtype:trojan-activity;sid:84099585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236466)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/cognac/smsinc.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"sbelegi.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236466/; classtype:trojan-activity;sid:84099566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236453)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/powershellscripts/invoke-petitpotam.ps1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236453/; classtype:trojan-activity;sid:84099553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236397)"; flow:established,from_client; content:"GET"; http_method; content:"/api/loader.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236397/; classtype:trojan-activity;sid:84099497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236322)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xw_setup.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236322/; classtype:trojan-activity;sid:84099422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236323)"; flow:established,from_client; content:"GET"; http_method; content:"/file/yhy_setup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236323/; classtype:trojan-activity;sid:84099423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236318)"; flow:established,from_client; content:"GET"; http_method; content:"/products/4001/updates/efatura/efatura.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elisans.novayonetim.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236318/; classtype:trojan-activity;sid:84099418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236317)"; flow:established,from_client; content:"GET"; http_method; content:"/dam/software/keygen.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"desquer.ens.uabc.mx"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236317/; classtype:trojan-activity;sid:84099417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236314)"; flow:established,from_client; content:"GET"; http_method; content:"/ipscan.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"file.edunet.ac"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236314/; classtype:trojan-activity;sid:84099414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236315)"; flow:established,from_client; content:"GET"; http_method; content:"/tgxt.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dow.andylab.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236315/; classtype:trojan-activity;sid:84099415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236313)"; flow:established,from_client; content:"GET"; http_method; content:"/mirdll2.rar"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"dow.andylab.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236313/; classtype:trojan-activity;sid:84099413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236311)"; flow:established,from_client; content:"GET"; http_method; content:"/datdll.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dow.andylab.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236311/; classtype:trojan-activity;sid:84099411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236272)"; flow:established,from_client; content:"GET"; http_method; content:"/1skilllauncher/1skilllauncher.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"147.50.240.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236272/; classtype:trojan-activity;sid:84099372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236240)"; flow:established,from_client; content:"GET"; http_method; content:"/services/identification/server/gtptoolsdownloadhandler.ashx|3f|filename=gtp_6_browserplugin_setup.exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"hnjgdl.geps.glodon.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236240/; classtype:trojan-activity;sid:84099340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236238)"; flow:established,from_client; content:"GET"; http_method; content:"/xbyxsv3.94.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.beiletoys.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236238/; classtype:trojan-activity;sid:84099338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236237)"; flow:established,from_client; content:"GET"; http_method; content:"/natgo.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dl.natgo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236237/; classtype:trojan-activity;sid:84099337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236236)"; flow:established,from_client; content:"GET"; http_method; content:"/download/etermproxy.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pid.fly160.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236236/; classtype:trojan-activity;sid:84099336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236235)"; flow:established,from_client; content:"GET"; http_method; content:"/paonan.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"paonancs.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236235/; classtype:trojan-activity;sid:84099335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236234)"; flow:established,from_client; content:"GET"; http_method; content:"/datatools/datatools.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"42.193.42.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236234/; classtype:trojan-activity;sid:84099334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236232)"; flow:established,from_client; content:"GET"; http_method; content:"/mvp.dll"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"110.42.46.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236232/; classtype:trojan-activity;sid:84099332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236227)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp/iupdate.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.innovare.no"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236227/; classtype:trojan-activity;sid:84099327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236224)"; flow:established,from_client; content:"GET"; http_method; content:"/pdd_biaoge/soft/down.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"49.234.48.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236224/; classtype:trojan-activity;sid:84099324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236220)"; flow:established,from_client; content:"GET"; http_method; content:"/ledgerupdater.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.113.115.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236220/; classtype:trojan-activity;sid:84099320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.229.174.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236185/; classtype:trojan-activity;sid:84099285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.229.174.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236160/; classtype:trojan-activity;sid:84099260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236154)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236154/; classtype:trojan-activity;sid:84099254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.220.12.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235976/; classtype:trojan-activity;sid:84099076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235750)"; flow:established,from_client; content:"GET"; http_method; content:"/1/ajonjoli115.rar"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"garanticonstruct.ro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235750/; classtype:trojan-activity;sid:84098850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235743)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wwplqokahth8zevqzolw0ydvredepuhu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235743/; classtype:trojan-activity;sid:84098843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235523)"; flow:established,from_client; content:"GET"; http_method; content:"/chainguard-dev/bincapz/archive/refs/tags/v0.5.0.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235523/; classtype:trojan-activity;sid:84098623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235524)"; flow:established,from_client; content:"GET"; http_method; content:"/randomvapeuser/vape-4.11/releases/download/crack/vape.v4.11.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235524/; classtype:trojan-activity;sid:84098624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235522)"; flow:established,from_client; content:"GET"; http_method; content:"/playmcbkuwu/vape/releases/download/stable/vape.v4.10.from.duckysolucky.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235522/; classtype:trojan-activity;sid:84098622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235514)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235514/; classtype:trojan-activity;sid:84098614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235513)"; flow:established,from_client; content:"GET"; http_method; content:"/meckazin/chromekatz/releases/download/0.4.7/chromekatzbofs.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235513/; classtype:trojan-activity;sid:84098613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235094)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/update.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235094/; classtype:trojan-activity;sid:84098194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235088)"; flow:established,from_client; content:"GET"; http_method; content:"/spoofer.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.141.26.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235088/; classtype:trojan-activity;sid:84098188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235084)"; flow:established,from_client; content:"GET"; http_method; content:"/1_encoded.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"fish.hackbiji.cc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235084/; classtype:trojan-activity;sid:84098184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235077)"; flow:established,from_client; content:"GET"; http_method; content:"/libcurl.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"coach.028csc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235077/; classtype:trojan-activity;sid:84098177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235061)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/worker.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235061/; classtype:trojan-activity;sid:84098161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234872)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/main/asyncclient.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234872/; classtype:trojan-activity;sid:84097972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234868/; classtype:trojan-activity;sid:84097968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234859)"; flow:established,from_client; content:"GET"; http_method; content:"/petikvx/lockbit-black-builder/main/lockbit30/builder.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234859/; classtype:trojan-activity;sid:84097959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234858)"; flow:established,from_client; content:"GET"; http_method; content:"/tennessene/lockbit/refs/heads/main/builder.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234858/; classtype:trojan-activity;sid:84097958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234803)"; flow:established,from_client; content:"GET"; http_method; content:"/crazycoach.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"coach.028csc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234803/; classtype:trojan-activity;sid:84097903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234773)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"fish.hackbiji.cc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234773/; classtype:trojan-activity;sid:84097873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.215.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234673/; classtype:trojan-activity;sid:84097773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234465)"; flow:established,from_client; content:"GET"; http_method; content:"/right_distribution.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234465/; classtype:trojan-activity;sid:84097565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234464)"; flow:established,from_client; content:"GET"; http_method; content:"/distribution.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234464/; classtype:trojan-activity;sid:84097564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234462)"; flow:established,from_client; content:"GET"; http_method; content:"/xl_ext_chrome.crx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234462/; classtype:trojan-activity;sid:84097562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234460)"; flow:established,from_client; content:"GET"; http_method; content:"/test.pdf.lnk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234460/; classtype:trojan-activity;sid:84097560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234459)"; flow:established,from_client; content:"GET"; http_method; content:"/distribution.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234459/; classtype:trojan-activity;sid:84097559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234458)"; flow:established,from_client; content:"GET"; http_method; content:"/protect_distribution.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234458/; classtype:trojan-activity;sid:84097558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3233859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.239.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3233859/; classtype:trojan-activity;sid:84096959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3233830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.239.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3233830/; classtype:trojan-activity;sid:84096930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3233702)"; flow:established,from_client; content:"GET"; http_method; content:"/transaction.pdf.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"170.75.168.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3233702/; classtype:trojan-activity;sid:84096802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3233103)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"60.246.154.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3233103/; classtype:trojan-activity;sid:84096203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3233069)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"192.162.49.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3233069/; classtype:trojan-activity;sid:84096169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232529)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/utility-inst.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232529/; classtype:trojan-activity;sid:84095629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232530)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/splwow64_1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232530/; classtype:trojan-activity;sid:84095630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232419)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.250.188.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232419/; classtype:trojan-activity;sid:84095519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232406)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.98.174.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232406/; classtype:trojan-activity;sid:84095506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232407)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.98.174.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232407/; classtype:trojan-activity;sid:84095507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232401)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.196.237.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232401/; classtype:trojan-activity;sid:84095501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232402)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.32.202.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232402/; classtype:trojan-activity;sid:84095502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232389)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.58.220.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232389/; classtype:trojan-activity;sid:84095489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.230.38.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232141/; classtype:trojan-activity;sid:84095241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232090)"; flow:established,from_client; content:"GET"; http_method; content:"/session-https.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3232090/; classtype:trojan-activity;sid:84095190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232089)"; flow:established,from_client; content:"GET"; http_method; content:"/session-http2.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3232089/; classtype:trojan-activity;sid:84095189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231926)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231926/; classtype:trojan-activity;sid:84095026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231796)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16737801/wave.zip|3f|"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231796/; classtype:trojan-activity;sid:84094896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231794)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16419615/solara.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231794/; classtype:trojan-activity;sid:84094894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231554)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.204.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231554/; classtype:trojan-activity;sid:84094654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.230.38.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231212/; classtype:trojan-activity;sid:84094312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.230.38.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231160/; classtype:trojan-activity;sid:84094260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231110)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrp.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231110/; classtype:trojan-activity;sid:84094210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.91.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231040/; classtype:trojan-activity;sid:84094140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230704)"; flow:established,from_client; content:"GET"; http_method; content:"/drhbntdenedrhn/2.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"odoo.kseibitools.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230704/; classtype:trojan-activity;sid:84093804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230703)"; flow:established,from_client; content:"GET"; http_method; content:"/drhbntdenedrhn/rainbow.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"odoo.kseibitools.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230703/; classtype:trojan-activity;sid:84093803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230278)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.192.195.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230278/; classtype:trojan-activity;sid:84093378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230281)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.218.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230281/; classtype:trojan-activity;sid:84093381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230282)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.96.106.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230282/; classtype:trojan-activity;sid:84093382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230239)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.92.86.239"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230239/; classtype:trojan-activity;sid:84093339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230243)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.3.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230243/; classtype:trojan-activity;sid:84093343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229769)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ijhnoiitqa0hrwlfr2mhhvqblxgdhtgu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229769/; classtype:trojan-activity;sid:84092869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229768)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ozdthulbtwmm7hlrgxef2zxqrysbu6c2"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229768/; classtype:trojan-activity;sid:84092868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229665/; classtype:trojan-activity;sid:84092765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229668)"; flow:established,from_client; content:"GET"; http_method; content:"/mark/def.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229668/; classtype:trojan-activity;sid:84092768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229632)"; flow:established,from_client; content:"GET"; http_method; content:"/parthmodi152/web3-coding-challenge/zip/refs/heads/main"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229632/; classtype:trojan-activity;sid:84092732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229631)"; flow:established,from_client; content:"GET"; http_method; content:"/kamilniftaliev/cryptoview/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229631/; classtype:trojan-activity;sid:84092731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228806)"; flow:established,from_client; content:"GET"; http_method; content:"/test.ps1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.209.212.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228806/; classtype:trojan-activity;sid:84091906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228807)"; flow:established,from_client; content:"GET"; http_method; content:"/test/inject_space.ps1"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"8.209.212.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228807/; classtype:trojan-activity;sid:84091907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228804)"; flow:established,from_client; content:"GET"; http_method; content:"/test/final_mass.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"8.209.212.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228804/; classtype:trojan-activity;sid:84091904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228805)"; flow:established,from_client; content:"GET"; http_method; content:"/encoded.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"8.209.212.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228805/; classtype:trojan-activity;sid:84091905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228803)"; flow:established,from_client; content:"GET"; http_method; content:"/test/encoded.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"8.209.212.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228803/; classtype:trojan-activity;sid:84091903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228667)"; flow:established,from_client; content:"GET"; http_method; content:"/winassist/login/login.7z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"win.down.55kantu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228667/; classtype:trojan-activity;sid:84091767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228412)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.0.199.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228412/; classtype:trojan-activity;sid:84091512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228367)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.12.82.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228367/; classtype:trojan-activity;sid:84091467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228368)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"154.12.82.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228368/; classtype:trojan-activity;sid:84091468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228365)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.12.82.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228365/; classtype:trojan-activity;sid:84091465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228366)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.12.82.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228366/; classtype:trojan-activity;sid:84091466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228363)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.12.82.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228363/; classtype:trojan-activity;sid:84091463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228364)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"154.12.82.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228364/; classtype:trojan-activity;sid:84091464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228362)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el_softfloat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"154.12.82.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228362/; classtype:trojan-activity;sid:84091462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228361)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.12.82.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228361/; classtype:trojan-activity;sid:84091461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228360)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.12.82.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228360/; classtype:trojan-activity;sid:84091460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228359)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64el"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.12.82.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228359/; classtype:trojan-activity;sid:84091459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228358)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.12.82.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228358/; classtype:trojan-activity;sid:84091458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228356)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.12.82.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228356/; classtype:trojan-activity;sid:84091456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228357)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.12.82.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228357/; classtype:trojan-activity;sid:84091457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228355)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.12.82.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228355/; classtype:trojan-activity;sid:84091455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228354)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.12.82.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228354/; classtype:trojan-activity;sid:84091454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228353)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_softfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"154.12.82.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228353/; classtype:trojan-activity;sid:84091453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228352)"; flow:established,from_client; content:"GET"; http_method; content:"/win.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.12.82.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228352/; classtype:trojan-activity;sid:84091452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226957)"; flow:established,from_client; content:"GET"; http_method; content:"/devmgmt.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.241.17.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226957/; classtype:trojan-activity;sid:84090057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.237.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226776/; classtype:trojan-activity;sid:84089876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226761)"; flow:established,from_client; content:"GET"; http_method; content:"/second.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"43.241.17.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226761/; classtype:trojan-activity;sid:84089861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226551)"; flow:established,from_client; content:"GET"; http_method; content:"/unmysqld.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.238.84.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226551/; classtype:trojan-activity;sid:84089651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226552)"; flow:established,from_client; content:"GET"; http_method; content:"/mariadb.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.238.84.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226552/; classtype:trojan-activity;sid:84089652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.220.12.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226347/; classtype:trojan-activity;sid:84089447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226239)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.0/xmrig-6.22.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226239/; classtype:trojan-activity;sid:84089339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.220.12.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225968/; classtype:trojan-activity;sid:84089068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225936)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225936/; classtype:trojan-activity;sid:84089036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225932/; classtype:trojan-activity;sid:84089032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.239.254.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225931/; classtype:trojan-activity;sid:84089031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225930)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.23.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225930/; classtype:trojan-activity;sid:84089030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225917)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.204.104.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225917/; classtype:trojan-activity;sid:84089017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225465)"; flow:established,from_client; content:"GET"; http_method; content:"/thebig/stail.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.113.115.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3225465/; classtype:trojan-activity;sid:84088565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225209)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"onemk3.teracomm.mk"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3225209/; classtype:trojan-activity;sid:84088309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224782)"; flow:established,from_client; content:"GET"; http_method; content:"/32/items/detah-note-v_202410/detahnote_v.jpg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ia600102.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3224782/; classtype:trojan-activity;sid:84087882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224762)"; flow:established,from_client; content:"GET"; http_method; content:"/installsetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.113.115.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3224762/; classtype:trojan-activity;sid:84087862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224579)"; flow:established,from_client; content:"GET"; http_method; content:"/screenupdatesync.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.113.115.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3224579/; classtype:trojan-activity;sid:84087679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224313)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/unit.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3224313/; classtype:trojan-activity;sid:84087413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224192)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bildnewl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3224192/; classtype:trojan-activity;sid:84087292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223989)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/loadnew.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223989/; classtype:trojan-activity;sid:84087089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223808)"; flow:established,from_client; content:"GET"; http_method; content:"/session.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223808/; classtype:trojan-activity;sid:84086908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223739)"; flow:established,from_client; content:"GET"; http_method; content:"/meeting-https.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223739/; classtype:trojan-activity;sid:84086839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223708)"; flow:established,from_client; content:"GET"; http_method; content:"/extension-http.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223708/; classtype:trojan-activity;sid:84086808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223686)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-https.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223686/; classtype:trojan-activity;sid:84086786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223573)"; flow:established,from_client; content:"GET"; http_method; content:"/broadcomretest.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223573/; classtype:trojan-activity;sid:84086673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223472)"; flow:established,from_client; content:"GET"; http_method; content:"/prototype-https.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223472/; classtype:trojan-activity;sid:84086572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223377)"; flow:established,from_client; content:"GET"; http_method; content:"/intercepter-ng.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223377/; classtype:trojan-activity;sid:84086477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223354)"; flow:established,from_client; content:"GET"; http_method; content:"/transfer.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223354/; classtype:trojan-activity;sid:84086454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223285)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-http.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223285/; classtype:trojan-activity;sid:84086385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223220)"; flow:established,from_client; content:"GET"; http_method; content:"/excel-https.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223220/; classtype:trojan-activity;sid:84086320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223169)"; flow:established,from_client; content:"GET"; http_method; content:"/excel-http.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223169/; classtype:trojan-activity;sid:84086269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223170)"; flow:established,from_client; content:"GET"; http_method; content:"/prototype-tcp.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223170/; classtype:trojan-activity;sid:84086270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223171)"; flow:established,from_client; content:"GET"; http_method; content:"/extension-tcp.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223171/; classtype:trojan-activity;sid:84086271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223174)"; flow:established,from_client; content:"GET"; http_method; content:"/meeting-http.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223174/; classtype:trojan-activity;sid:84086274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.106.74.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218143/; classtype:trojan-activity;sid:84081243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218033)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.216.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218033/; classtype:trojan-activity;sid:84081133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218030)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.101.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218030/; classtype:trojan-activity;sid:84081130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218031)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218031/; classtype:trojan-activity;sid:84081131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218018)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.90.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218018/; classtype:trojan-activity;sid:84081118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218019)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.147.146.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218019/; classtype:trojan-activity;sid:84081119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218020)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.147.146.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218020/; classtype:trojan-activity;sid:84081120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218021)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.90.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218021/; classtype:trojan-activity;sid:84081121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218022)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218022/; classtype:trojan-activity;sid:84081122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218023)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.56.191.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218023/; classtype:trojan-activity;sid:84081123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218024)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.92.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218024/; classtype:trojan-activity;sid:84081124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218026)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218026/; classtype:trojan-activity;sid:84081126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218027)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218027/; classtype:trojan-activity;sid:84081127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218028)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.132"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218028/; classtype:trojan-activity;sid:84081128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218004)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.145.144.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218004/; classtype:trojan-activity;sid:84081104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218005)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218005/; classtype:trojan-activity;sid:84081105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218006)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218006/; classtype:trojan-activity;sid:84081106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218007/; classtype:trojan-activity;sid:84081107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218008)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218008/; classtype:trojan-activity;sid:84081108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.217.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218009/; classtype:trojan-activity;sid:84081109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218010)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218010/; classtype:trojan-activity;sid:84081110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218011)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.147.146.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218011/; classtype:trojan-activity;sid:84081111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218014)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.76.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218014/; classtype:trojan-activity;sid:84081114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218017)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.147.146.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218017/; classtype:trojan-activity;sid:84081117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218002)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218002/; classtype:trojan-activity;sid:84081102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218003)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218003/; classtype:trojan-activity;sid:84081103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218001)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218001/; classtype:trojan-activity;sid:84081101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217811)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.74.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217811/; classtype:trojan-activity;sid:84080911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217809)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.90.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217809/; classtype:trojan-activity;sid:84080909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217805)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"105.184.123.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217805/; classtype:trojan-activity;sid:84080905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217786)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217786/; classtype:trojan-activity;sid:84080886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217789)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.122.182.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217789/; classtype:trojan-activity;sid:84080889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217791)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.84.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217791/; classtype:trojan-activity;sid:84080891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217792)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.90.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217792/; classtype:trojan-activity;sid:84080892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217793)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.232.246.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217793/; classtype:trojan-activity;sid:84080893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217795)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.91.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217795/; classtype:trojan-activity;sid:84080895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217798)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.48.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217798/; classtype:trojan-activity;sid:84080898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217799)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.84.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217799/; classtype:trojan-activity;sid:84080899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.130.160.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217802/; classtype:trojan-activity;sid:84080902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217784)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217784/; classtype:trojan-activity;sid:84080884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217780)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217780/; classtype:trojan-activity;sid:84080880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217781)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.92.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217781/; classtype:trojan-activity;sid:84080881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217782)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.66.108.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217782/; classtype:trojan-activity;sid:84080882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217763)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.87.117.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217763/; classtype:trojan-activity;sid:84080863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217764)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.90.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217764/; classtype:trojan-activity;sid:84080864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217765)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.90.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217765/; classtype:trojan-activity;sid:84080865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217768)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.144.250.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217768/; classtype:trojan-activity;sid:84080868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217770)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.147.146.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217770/; classtype:trojan-activity;sid:84080870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217775)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217775/; classtype:trojan-activity;sid:84080875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217776)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217776/; classtype:trojan-activity;sid:84080876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217777)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.179.254.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217777/; classtype:trojan-activity;sid:84080877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217778)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.221.155.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217778/; classtype:trojan-activity;sid:84080878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217753)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217753/; classtype:trojan-activity;sid:84080853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217754/; classtype:trojan-activity;sid:84080854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217757)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.155.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217757/; classtype:trojan-activity;sid:84080857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217759)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217759/; classtype:trojan-activity;sid:84080859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217760)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217760/; classtype:trojan-activity;sid:84080860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217745)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217745/; classtype:trojan-activity;sid:84080845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217746)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.198.247.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217746/; classtype:trojan-activity;sid:84080846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217733)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.171.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217733/; classtype:trojan-activity;sid:84080833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217734)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217734/; classtype:trojan-activity;sid:84080834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217735)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.119.237.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217735/; classtype:trojan-activity;sid:84080835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217736)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.136.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217736/; classtype:trojan-activity;sid:84080836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217737)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.232.246.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217737/; classtype:trojan-activity;sid:84080837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217738)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217738/; classtype:trojan-activity;sid:84080838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217740)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217740/; classtype:trojan-activity;sid:84080840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217743)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"125.175.66.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217743/; classtype:trojan-activity;sid:84080843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217713)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217713/; classtype:trojan-activity;sid:84080813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217716)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217716/; classtype:trojan-activity;sid:84080816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217717)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217717/; classtype:trojan-activity;sid:84080817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217719/; classtype:trojan-activity;sid:84080819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217725)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.84.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217725/; classtype:trojan-activity;sid:84080825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217728)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.147.146.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217728/; classtype:trojan-activity;sid:84080828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217729)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217729/; classtype:trojan-activity;sid:84080829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217730)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.84.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217730/; classtype:trojan-activity;sid:84080830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217710)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217710/; classtype:trojan-activity;sid:84080810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217701)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.92.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217701/; classtype:trojan-activity;sid:84080801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217702)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.19.79.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217702/; classtype:trojan-activity;sid:84080802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217699)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.178.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217699/; classtype:trojan-activity;sid:84080799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217700)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.178.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217700/; classtype:trojan-activity;sid:84080800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217697)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.183.103.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217697/; classtype:trojan-activity;sid:84080797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217698)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.177.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217698/; classtype:trojan-activity;sid:84080798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217691)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.177.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217691/; classtype:trojan-activity;sid:84080791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217692)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.183.103.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217692/; classtype:trojan-activity;sid:84080792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217694)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.177.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217694/; classtype:trojan-activity;sid:84080794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217695)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.68.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217695/; classtype:trojan-activity;sid:84080795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217689/; classtype:trojan-activity;sid:84080789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217684)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.16.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217684/; classtype:trojan-activity;sid:84080784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217681)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.45.183.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217681/; classtype:trojan-activity;sid:84080781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217682)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.45.183.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217682/; classtype:trojan-activity;sid:84080782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217678)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.41.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217678/; classtype:trojan-activity;sid:84080778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217679)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.26.209.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217679/; classtype:trojan-activity;sid:84080779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217665)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217665/; classtype:trojan-activity;sid:84080765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217666)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.76.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217666/; classtype:trojan-activity;sid:84080766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217667)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.76.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217667/; classtype:trojan-activity;sid:84080767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.12.184.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217669/; classtype:trojan-activity;sid:84080769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217672)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"206.204.128.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217672/; classtype:trojan-activity;sid:84080772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217674/; classtype:trojan-activity;sid:84080774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217661)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217661/; classtype:trojan-activity;sid:84080761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217662)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.41.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217662/; classtype:trojan-activity;sid:84080762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217658)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.101.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217658/; classtype:trojan-activity;sid:84080758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217634)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.161.46.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217634/; classtype:trojan-activity;sid:84080734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217638)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.161.6.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217638/; classtype:trojan-activity;sid:84080738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217640)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.224.190.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217640/; classtype:trojan-activity;sid:84080740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217624)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.165.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217624/; classtype:trojan-activity;sid:84080724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.171.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217627/; classtype:trojan-activity;sid:84080727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217628)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.40.25.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217628/; classtype:trojan-activity;sid:84080728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217595)"; flow:established,from_client; content:"GET"; http_method; content:"/trial.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217595/; classtype:trojan-activity;sid:84080695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217562)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217562/; classtype:trojan-activity;sid:84080662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217470)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%bf%ae%e6%94%b9%e6%97%b6%e9%97%b4%e6%a0%bc%e5%bc%8f.bat"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"47.94.196.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217470/; classtype:trojan-activity;sid:84080570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217454)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.118.215.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217454/; classtype:trojan-activity;sid:84080554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217426)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217426/; classtype:trojan-activity;sid:84080526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217403)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.147.146.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217403/; classtype:trojan-activity;sid:84080503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217372)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.147.146.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217372/; classtype:trojan-activity;sid:84080472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217367)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.165.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217367/; classtype:trojan-activity;sid:84080467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.158.95.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217144/; classtype:trojan-activity;sid:84080244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217140/; classtype:trojan-activity;sid:84080240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.4.51.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217123/; classtype:trojan-activity;sid:84080223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.144.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217124/; classtype:trojan-activity;sid:84080224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217127/; classtype:trojan-activity;sid:84080227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.110.206.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217129/; classtype:trojan-activity;sid:84080229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.81.127.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217130/; classtype:trojan-activity;sid:84080230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217131/; classtype:trojan-activity;sid:84080231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.20.51.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217132/; classtype:trojan-activity;sid:84080232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.31.135.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217133/; classtype:trojan-activity;sid:84080233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217134/; classtype:trojan-activity;sid:84080234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217135/; classtype:trojan-activity;sid:84080235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217136/; classtype:trojan-activity;sid:84080236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.105.196.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217139/; classtype:trojan-activity;sid:84080239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.109.148.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217121/; classtype:trojan-activity;sid:84080221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.149.81.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217122/; classtype:trojan-activity;sid:84080222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.174.152.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217119/; classtype:trojan-activity;sid:84080219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.49.18.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217120/; classtype:trojan-activity;sid:84080220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"86.61.70.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217117/; classtype:trojan-activity;sid:84080217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.206.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217112/; classtype:trojan-activity;sid:84080212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.89.11.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217115/; classtype:trojan-activity;sid:84080215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.174.32.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217116/; classtype:trojan-activity;sid:84080216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217092/; classtype:trojan-activity;sid:84080192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.95.254.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217093/; classtype:trojan-activity;sid:84080193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.223.60.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217095/; classtype:trojan-activity;sid:84080195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.184.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217096/; classtype:trojan-activity;sid:84080196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217097/; classtype:trojan-activity;sid:84080197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.238.209.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217098/; classtype:trojan-activity;sid:84080198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.51.180.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217100/; classtype:trojan-activity;sid:84080200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217101/; classtype:trojan-activity;sid:84080201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217102/; classtype:trojan-activity;sid:84080202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.189.254.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217106/; classtype:trojan-activity;sid:84080206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217109/; classtype:trojan-activity;sid:84080209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217110/; classtype:trojan-activity;sid:84080210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.166.197.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217111/; classtype:trojan-activity;sid:84080211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.65.205.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217080/; classtype:trojan-activity;sid:84080180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.103.100.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217081/; classtype:trojan-activity;sid:84080181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.101.239.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217082/; classtype:trojan-activity;sid:84080182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.237.174.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217085/; classtype:trojan-activity;sid:84080185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217086/; classtype:trojan-activity;sid:84080186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.252.8.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217087/; classtype:trojan-activity;sid:84080187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217088/; classtype:trojan-activity;sid:84080188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217089/; classtype:trojan-activity;sid:84080189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217090/; classtype:trojan-activity;sid:84080190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217091/; classtype:trojan-activity;sid:84080191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.89.178.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217079/; classtype:trojan-activity;sid:84080179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.19.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217067/; classtype:trojan-activity;sid:84080167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.86.123.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217068/; classtype:trojan-activity;sid:84080168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217069/; classtype:trojan-activity;sid:84080169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.106.221.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217070/; classtype:trojan-activity;sid:84080170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.233.59.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217071/; classtype:trojan-activity;sid:84080171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.135.142.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217072/; classtype:trojan-activity;sid:84080172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217073/; classtype:trojan-activity;sid:84080173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.22.237.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217074/; classtype:trojan-activity;sid:84080174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.237.157.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217045/; classtype:trojan-activity;sid:84080145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"167.250.193.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217046/; classtype:trojan-activity;sid:84080146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.189.56.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217047/; classtype:trojan-activity;sid:84080147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217048/; classtype:trojan-activity;sid:84080148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.203.89.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217049/; classtype:trojan-activity;sid:84080149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.99.218.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217050/; classtype:trojan-activity;sid:84080150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.187.7.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217052/; classtype:trojan-activity;sid:84080152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.202.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217053/; classtype:trojan-activity;sid:84080153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.57.121.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217054/; classtype:trojan-activity;sid:84080154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.4.110.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217055/; classtype:trojan-activity;sid:84080155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217056/; classtype:trojan-activity;sid:84080156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.187.36.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217057/; classtype:trojan-activity;sid:84080157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217058/; classtype:trojan-activity;sid:84080158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217059/; classtype:trojan-activity;sid:84080159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.103.63.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217060/; classtype:trojan-activity;sid:84080160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217061/; classtype:trojan-activity;sid:84080161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217062/; classtype:trojan-activity;sid:84080162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217063/; classtype:trojan-activity;sid:84080163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217065/; classtype:trojan-activity;sid:84080165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.219.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217066/; classtype:trojan-activity;sid:84080166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.73.121.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217040/; classtype:trojan-activity;sid:84080140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"159.224.143.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217042/; classtype:trojan-activity;sid:84080142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.192.78.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217043/; classtype:trojan-activity;sid:84080143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217037/; classtype:trojan-activity;sid:84080137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.222.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217034/; classtype:trojan-activity;sid:84080134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.172.187.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217028/; classtype:trojan-activity;sid:84080128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217029/; classtype:trojan-activity;sid:84080129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.83.178.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217031/; classtype:trojan-activity;sid:84080131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217032/; classtype:trojan-activity;sid:84080132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.155.176.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217006/; classtype:trojan-activity;sid:84080106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.30.245.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217008/; classtype:trojan-activity;sid:84080108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217009/; classtype:trojan-activity;sid:84080109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217012/; classtype:trojan-activity;sid:84080112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.19.183.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217014/; classtype:trojan-activity;sid:84080114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.184.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217015/; classtype:trojan-activity;sid:84080115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.25.133.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217017/; classtype:trojan-activity;sid:84080117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.234.151.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217018/; classtype:trojan-activity;sid:84080118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.155.93.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217019/; classtype:trojan-activity;sid:84080119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.123.142.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217021/; classtype:trojan-activity;sid:84080121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217023/; classtype:trojan-activity;sid:84080123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.190.70.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217025/; classtype:trojan-activity;sid:84080125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.46.255.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217026/; classtype:trojan-activity;sid:84080126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217001/; classtype:trojan-activity;sid:84080101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217002/; classtype:trojan-activity;sid:84080102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217003/; classtype:trojan-activity;sid:84080103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217004/; classtype:trojan-activity;sid:84080104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.29.152.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217005/; classtype:trojan-activity;sid:84080105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.70.0.22"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216999/; classtype:trojan-activity;sid:84080099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.113.103.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216998/; classtype:trojan-activity;sid:84080098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.160.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216996/; classtype:trojan-activity;sid:84080096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.79.48.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216995/; classtype:trojan-activity;sid:84080095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.254.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216966/; classtype:trojan-activity;sid:84080066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216967/; classtype:trojan-activity;sid:84080067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216968/; classtype:trojan-activity;sid:84080068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216969/; classtype:trojan-activity;sid:84080069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.0.4.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216970/; classtype:trojan-activity;sid:84080070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216971/; classtype:trojan-activity;sid:84080071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.94.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216973/; classtype:trojan-activity;sid:84080073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216974/; classtype:trojan-activity;sid:84080074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.153.80.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216975/; classtype:trojan-activity;sid:84080075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.94.100.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216976/; classtype:trojan-activity;sid:84080076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.155.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216978/; classtype:trojan-activity;sid:84080078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216980/; classtype:trojan-activity;sid:84080080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.75.32.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216982/; classtype:trojan-activity;sid:84080082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.57.33.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216983/; classtype:trojan-activity;sid:84080083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.139.18.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216984/; classtype:trojan-activity;sid:84080084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216986/; classtype:trojan-activity;sid:84080086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216987/; classtype:trojan-activity;sid:84080087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.160.128.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216989/; classtype:trojan-activity;sid:84080089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216960/; classtype:trojan-activity;sid:84080060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216961/; classtype:trojan-activity;sid:84080061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.73.75.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216963/; classtype:trojan-activity;sid:84080063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.235.33.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216965/; classtype:trojan-activity;sid:84080065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.23.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216958/; classtype:trojan-activity;sid:84080058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"208.68.68.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216959/; classtype:trojan-activity;sid:84080059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216956/; classtype:trojan-activity;sid:84080056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216950/; classtype:trojan-activity;sid:84080050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.64.182.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216951/; classtype:trojan-activity;sid:84080051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.107.78.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216952/; classtype:trojan-activity;sid:84080052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.185.127.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216953/; classtype:trojan-activity;sid:84080053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.227.118.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216955/; classtype:trojan-activity;sid:84080055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.248.145.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216923/; classtype:trojan-activity;sid:84080023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216924/; classtype:trojan-activity;sid:84080024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.253.241.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216930/; classtype:trojan-activity;sid:84080030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.235.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216931/; classtype:trojan-activity;sid:84080031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.93.41.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216932/; classtype:trojan-activity;sid:84080032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216933/; classtype:trojan-activity;sid:84080033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216934/; classtype:trojan-activity;sid:84080034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.207.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216935/; classtype:trojan-activity;sid:84080035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216937/; classtype:trojan-activity;sid:84080037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.128.231.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216938/; classtype:trojan-activity;sid:84080038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216941/; classtype:trojan-activity;sid:84080041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.252.114.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216942/; classtype:trojan-activity;sid:84080042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216943/; classtype:trojan-activity;sid:84080043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216945/; classtype:trojan-activity;sid:84080045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.2.23.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216946/; classtype:trojan-activity;sid:84080046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.153.20.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216947/; classtype:trojan-activity;sid:84080047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"206.214.35.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216917/; classtype:trojan-activity;sid:84080017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.98.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216919/; classtype:trojan-activity;sid:84080019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.107.239.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216920/; classtype:trojan-activity;sid:84080020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.253.126.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216913/; classtype:trojan-activity;sid:84080013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216889/; classtype:trojan-activity;sid:84079989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216891/; classtype:trojan-activity;sid:84079991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216893/; classtype:trojan-activity;sid:84079993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216894/; classtype:trojan-activity;sid:84079994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.195.141.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216895/; classtype:trojan-activity;sid:84079995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.103.217.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216896/; classtype:trojan-activity;sid:84079996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.218.42.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216897/; classtype:trojan-activity;sid:84079997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216899/; classtype:trojan-activity;sid:84079999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.94.219.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216900/; classtype:trojan-activity;sid:84080000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.209.107.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216902/; classtype:trojan-activity;sid:84080002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.216.164.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216903/; classtype:trojan-activity;sid:84080003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216906/; classtype:trojan-activity;sid:84080006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.23.192.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216909/; classtype:trojan-activity;sid:84080009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.130.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216910/; classtype:trojan-activity;sid:84080010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216911/; classtype:trojan-activity;sid:84080011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.189.188.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216879/; classtype:trojan-activity;sid:84079979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.251.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216880/; classtype:trojan-activity;sid:84079980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.117.197.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216881/; classtype:trojan-activity;sid:84079981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.232.241.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216882/; classtype:trojan-activity;sid:84079982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216883/; classtype:trojan-activity;sid:84079983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.43.6.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216884/; classtype:trojan-activity;sid:84079984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.247.68.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216885/; classtype:trojan-activity;sid:84079985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216886/; classtype:trojan-activity;sid:84079986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.236.126.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216888/; classtype:trojan-activity;sid:84079988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.193.21.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216876/; classtype:trojan-activity;sid:84079976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.159.8.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216872/; classtype:trojan-activity;sid:84079972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.204.177.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216850/; classtype:trojan-activity;sid:84079950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.246.106.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216853/; classtype:trojan-activity;sid:84079953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216854/; classtype:trojan-activity;sid:84079954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216855/; classtype:trojan-activity;sid:84079955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.184.179.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216856/; classtype:trojan-activity;sid:84079956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.59.103.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216859/; classtype:trojan-activity;sid:84079959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216860/; classtype:trojan-activity;sid:84079960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.38.241.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216861/; classtype:trojan-activity;sid:84079961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.15.85.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216862/; classtype:trojan-activity;sid:84079962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.200.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216863/; classtype:trojan-activity;sid:84079963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.183.54.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216864/; classtype:trojan-activity;sid:84079964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.72.199.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216865/; classtype:trojan-activity;sid:84079965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216867/; classtype:trojan-activity;sid:84079967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.59.90.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216868/; classtype:trojan-activity;sid:84079968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.144.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216869/; classtype:trojan-activity;sid:84079969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.165.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216841/; classtype:trojan-activity;sid:84079941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.242.106.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216842/; classtype:trojan-activity;sid:84079942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216843/; classtype:trojan-activity;sid:84079943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216845/; classtype:trojan-activity;sid:84079945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216846/; classtype:trojan-activity;sid:84079946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.158.175.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216849/; classtype:trojan-activity;sid:84079949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.254.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216830/; classtype:trojan-activity;sid:84079930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.112.93.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216831/; classtype:trojan-activity;sid:84079931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.74.246.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216832/; classtype:trojan-activity;sid:84079932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.87.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216833/; classtype:trojan-activity;sid:84079933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.52.48.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216805/; classtype:trojan-activity;sid:84079905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.16.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216808/; classtype:trojan-activity;sid:84079908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.147.225.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216809/; classtype:trojan-activity;sid:84079909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.120.98.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216810/; classtype:trojan-activity;sid:84079910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.249.141.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216811/; classtype:trojan-activity;sid:84079911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.74.207.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216812/; classtype:trojan-activity;sid:84079912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216813/; classtype:trojan-activity;sid:84079913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.242.50.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216814/; classtype:trojan-activity;sid:84079914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.84.143.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216816/; classtype:trojan-activity;sid:84079916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.222.45.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216817/; classtype:trojan-activity;sid:84079917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.118.104.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216818/; classtype:trojan-activity;sid:84079918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.143.114.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216820/; classtype:trojan-activity;sid:84079920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216822/; classtype:trojan-activity;sid:84079922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.179.203.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216823/; classtype:trojan-activity;sid:84079923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.112.212.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216824/; classtype:trojan-activity;sid:84079924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.4.69.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216825/; classtype:trojan-activity;sid:84079925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.93.53.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216826/; classtype:trojan-activity;sid:84079926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.166.89.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216827/; classtype:trojan-activity;sid:84079927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.160.87.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216802/; classtype:trojan-activity;sid:84079902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216803/; classtype:trojan-activity;sid:84079903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216804/; classtype:trojan-activity;sid:84079904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.19.251.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216799/; classtype:trojan-activity;sid:84079899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.11.75.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216793/; classtype:trojan-activity;sid:84079893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216794/; classtype:trojan-activity;sid:84079894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216796/; classtype:trojan-activity;sid:84079896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.97.185.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216776/; classtype:trojan-activity;sid:84079876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.148.163.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216777/; classtype:trojan-activity;sid:84079877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.118.45.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216778/; classtype:trojan-activity;sid:84079878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.206.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216779/; classtype:trojan-activity;sid:84079879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.96.214.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216780/; classtype:trojan-activity;sid:84079880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.186.156.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216781/; classtype:trojan-activity;sid:84079881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.16.188.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216782/; classtype:trojan-activity;sid:84079882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.97.137.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216784/; classtype:trojan-activity;sid:84079884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.69.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216785/; classtype:trojan-activity;sid:84079885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"86.101.187.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216786/; classtype:trojan-activity;sid:84079886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.93.83.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216787/; classtype:trojan-activity;sid:84079887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.29.162.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216788/; classtype:trojan-activity;sid:84079888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.70.204.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216767/; classtype:trojan-activity;sid:84079867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.97.185.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216770/; classtype:trojan-activity;sid:84079870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216772/; classtype:trojan-activity;sid:84079872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216773/; classtype:trojan-activity;sid:84079873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216775/; classtype:trojan-activity;sid:84079875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.209.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216761/; classtype:trojan-activity;sid:84079861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216763/; classtype:trojan-activity;sid:84079863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.74.29.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216764/; classtype:trojan-activity;sid:84079864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.163.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216754/; classtype:trojan-activity;sid:84079854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.70.207.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216755/; classtype:trojan-activity;sid:84079855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.203.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216751/; classtype:trojan-activity;sid:84079851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.35.34.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216745/; classtype:trojan-activity;sid:84079845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216747/; classtype:trojan-activity;sid:84079847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.254.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216748/; classtype:trojan-activity;sid:84079848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.51.191.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216749/; classtype:trojan-activity;sid:84079849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216750/; classtype:trojan-activity;sid:84079850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.211.169.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216729/; classtype:trojan-activity;sid:84079829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216730/; classtype:trojan-activity;sid:84079830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.224.243.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216731/; classtype:trojan-activity;sid:84079831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216732/; classtype:trojan-activity;sid:84079832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216733/; classtype:trojan-activity;sid:84079833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.124.105.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216734/; classtype:trojan-activity;sid:84079834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216735/; classtype:trojan-activity;sid:84079835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.187.118.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216736/; classtype:trojan-activity;sid:84079836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.147.127.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216737/; classtype:trojan-activity;sid:84079837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216740/; classtype:trojan-activity;sid:84079840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.234.186.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216741/; classtype:trojan-activity;sid:84079841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216742/; classtype:trojan-activity;sid:84079842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.217.148.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216743/; classtype:trojan-activity;sid:84079843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.29.19.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216744/; classtype:trojan-activity;sid:84079844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.43.59.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216721/; classtype:trojan-activity;sid:84079821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.57.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216722/; classtype:trojan-activity;sid:84079822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.190.76.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216723/; classtype:trojan-activity;sid:84079823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216724/; classtype:trojan-activity;sid:84079824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.81.156.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216726/; classtype:trojan-activity;sid:84079826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.4.70.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216727/; classtype:trojan-activity;sid:84079827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.116.62.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216719/; classtype:trojan-activity;sid:84079819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.214.56.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216720/; classtype:trojan-activity;sid:84079820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216715/; classtype:trojan-activity;sid:84079815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.38.241.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216711/; classtype:trojan-activity;sid:84079811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.9.53.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216712/; classtype:trojan-activity;sid:84079812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.138.68.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216713/; classtype:trojan-activity;sid:84079813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.172.170.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216714/; classtype:trojan-activity;sid:84079814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.211.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216710/; classtype:trojan-activity;sid:84079810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.135.26.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216704/; classtype:trojan-activity;sid:84079804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.77.128.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216706/; classtype:trojan-activity;sid:84079806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.0.136.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216707/; classtype:trojan-activity;sid:84079807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.66.125.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216708/; classtype:trojan-activity;sid:84079808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216709/; classtype:trojan-activity;sid:84079809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.142.114.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216678/; classtype:trojan-activity;sid:84079778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.181.34.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216681/; classtype:trojan-activity;sid:84079781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216682/; classtype:trojan-activity;sid:84079782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.97.185.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216683/; classtype:trojan-activity;sid:84079783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.147.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216684/; classtype:trojan-activity;sid:84079784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216685/; classtype:trojan-activity;sid:84079785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.193.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216686/; classtype:trojan-activity;sid:84079786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.215.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216687/; classtype:trojan-activity;sid:84079787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216688/; classtype:trojan-activity;sid:84079788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.141.241.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216689/; classtype:trojan-activity;sid:84079789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216690/; classtype:trojan-activity;sid:84079790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.210.35.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216691/; classtype:trojan-activity;sid:84079791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"130.185.229.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216692/; classtype:trojan-activity;sid:84079792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216694/; classtype:trojan-activity;sid:84079794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.120.28.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216695/; classtype:trojan-activity;sid:84079795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216696/; classtype:trojan-activity;sid:84079796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.128.81.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216698/; classtype:trojan-activity;sid:84079798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216700/; classtype:trojan-activity;sid:84079800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.198.199.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216703/; classtype:trojan-activity;sid:84079803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.36.25.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216675/; classtype:trojan-activity;sid:84079775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.100.63.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216676/; classtype:trojan-activity;sid:84079776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.169.63.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216677/; classtype:trojan-activity;sid:84079777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.214.56.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216672/; classtype:trojan-activity;sid:84079772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.232.94.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216671/; classtype:trojan-activity;sid:84079771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216670/; classtype:trojan-activity;sid:84079770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.82.211.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216648/; classtype:trojan-activity;sid:84079748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216650/; classtype:trojan-activity;sid:84079750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216651/; classtype:trojan-activity;sid:84079751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216652/; classtype:trojan-activity;sid:84079752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216653/; classtype:trojan-activity;sid:84079753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.234.253.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216655/; classtype:trojan-activity;sid:84079755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.150.253.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216656/; classtype:trojan-activity;sid:84079756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216658/; classtype:trojan-activity;sid:84079758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.255.17.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216660/; classtype:trojan-activity;sid:84079760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.193.118.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216661/; classtype:trojan-activity;sid:84079761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.39.146.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216662/; classtype:trojan-activity;sid:84079762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.100.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216663/; classtype:trojan-activity;sid:84079763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216664/; classtype:trojan-activity;sid:84079764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.140.176.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216665/; classtype:trojan-activity;sid:84079765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.223.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216666/; classtype:trojan-activity;sid:84079766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.213.121.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216667/; classtype:trojan-activity;sid:84079767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216641/; classtype:trojan-activity;sid:84079741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.67.115.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216642/; classtype:trojan-activity;sid:84079742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.190.109.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216644/; classtype:trojan-activity;sid:84079744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.237.174.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216645/; classtype:trojan-activity;sid:84079745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216646/; classtype:trojan-activity;sid:84079746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.226.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216647/; classtype:trojan-activity;sid:84079747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.147.93.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216637/; classtype:trojan-activity;sid:84079737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.204.58.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216634/; classtype:trojan-activity;sid:84079734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216633/; classtype:trojan-activity;sid:84079733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.169.136.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216632/; classtype:trojan-activity;sid:84079732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216626/; classtype:trojan-activity;sid:84079726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216627/; classtype:trojan-activity;sid:84079727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216630/; classtype:trojan-activity;sid:84079730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216606/; classtype:trojan-activity;sid:84079706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216607/; classtype:trojan-activity;sid:84079707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.218.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216608/; classtype:trojan-activity;sid:84079708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.7.42.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216609/; classtype:trojan-activity;sid:84079709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216610/; classtype:trojan-activity;sid:84079710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.188.254.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216611/; classtype:trojan-activity;sid:84079711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.200.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216613/; classtype:trojan-activity;sid:84079713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.153.22.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216614/; classtype:trojan-activity;sid:84079714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.10.211.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216615/; classtype:trojan-activity;sid:84079715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.233.158.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216617/; classtype:trojan-activity;sid:84079717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.95.14.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216619/; classtype:trojan-activity;sid:84079719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"65.132.139.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216620/; classtype:trojan-activity;sid:84079720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.15.254.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216621/; classtype:trojan-activity;sid:84079721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.105.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216622/; classtype:trojan-activity;sid:84079722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216624/; classtype:trojan-activity;sid:84079724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.204.218.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216625/; classtype:trojan-activity;sid:84079725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216599/; classtype:trojan-activity;sid:84079699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.233.63.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216600/; classtype:trojan-activity;sid:84079700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.18.223.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216602/; classtype:trojan-activity;sid:84079702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.186.54.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216603/; classtype:trojan-activity;sid:84079703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.20.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216604/; classtype:trojan-activity;sid:84079704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.122.28.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216597/; classtype:trojan-activity;sid:84079697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216598/; classtype:trojan-activity;sid:84079698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.159.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216596/; classtype:trojan-activity;sid:84079696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.169.235.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216593/; classtype:trojan-activity;sid:84079693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216594/; classtype:trojan-activity;sid:84079694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.92.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216595/; classtype:trojan-activity;sid:84079695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.237.172.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216589/; classtype:trojan-activity;sid:84079689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.137.36.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216591/; classtype:trojan-activity;sid:84079691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.248.56.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216572/; classtype:trojan-activity;sid:84079672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.189.125.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216574/; classtype:trojan-activity;sid:84079674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216575/; classtype:trojan-activity;sid:84079675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.129.2.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216576/; classtype:trojan-activity;sid:84079676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.76.195.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216578/; classtype:trojan-activity;sid:84079678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216581/; classtype:trojan-activity;sid:84079681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216582/; classtype:trojan-activity;sid:84079682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216583/; classtype:trojan-activity;sid:84079683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.91.236.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216584/; classtype:trojan-activity;sid:84079684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.255.163.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216585/; classtype:trojan-activity;sid:84079685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.200.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216588/; classtype:trojan-activity;sid:84079688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.255.42.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216552/; classtype:trojan-activity;sid:84079652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216553/; classtype:trojan-activity;sid:84079653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.239.22.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216554/; classtype:trojan-activity;sid:84079654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216555/; classtype:trojan-activity;sid:84079655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.112.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216556/; classtype:trojan-activity;sid:84079656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216557/; classtype:trojan-activity;sid:84079657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.188.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216558/; classtype:trojan-activity;sid:84079658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216559/; classtype:trojan-activity;sid:84079659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.9.34.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216560/; classtype:trojan-activity;sid:84079660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.164.252.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216562/; classtype:trojan-activity;sid:84079662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.114.152.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216563/; classtype:trojan-activity;sid:84079663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.221.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216564/; classtype:trojan-activity;sid:84079664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216565/; classtype:trojan-activity;sid:84079665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.200.63.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216567/; classtype:trojan-activity;sid:84079667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.251.68.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216568/; classtype:trojan-activity;sid:84079668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216569/; classtype:trojan-activity;sid:84079669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.183.98.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216551/; classtype:trojan-activity;sid:84079651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.254.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216547/; classtype:trojan-activity;sid:84079647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216537/; classtype:trojan-activity;sid:84079637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.151.163.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216538/; classtype:trojan-activity;sid:84079638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.246.83.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216539/; classtype:trojan-activity;sid:84079639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.0.69.42"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216540/; classtype:trojan-activity;sid:84079640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.43.80.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216541/; classtype:trojan-activity;sid:84079641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.74.144.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216542/; classtype:trojan-activity;sid:84079642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"86.101.187.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216543/; classtype:trojan-activity;sid:84079643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.224.100.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216545/; classtype:trojan-activity;sid:84079645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.52.111.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216546/; classtype:trojan-activity;sid:84079646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.143.124.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216512/; classtype:trojan-activity;sid:84079612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.247.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216513/; classtype:trojan-activity;sid:84079613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.213.157.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216514/; classtype:trojan-activity;sid:84079614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.204.104.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216516/; classtype:trojan-activity;sid:84079616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.62.233.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216517/; classtype:trojan-activity;sid:84079617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.147.132.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216518/; classtype:trojan-activity;sid:84079618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216519/; classtype:trojan-activity;sid:84079619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.160.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216522/; classtype:trojan-activity;sid:84079622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.150.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216527/; classtype:trojan-activity;sid:84079627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.219.119.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216528/; classtype:trojan-activity;sid:84079628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216529/; classtype:trojan-activity;sid:84079629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.210.217.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216531/; classtype:trojan-activity;sid:84079631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216532/; classtype:trojan-activity;sid:84079632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.61.103.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216534/; classtype:trojan-activity;sid:84079634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.63.242.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216535/; classtype:trojan-activity;sid:84079635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216536/; classtype:trojan-activity;sid:84079636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216509/; classtype:trojan-activity;sid:84079609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216510/; classtype:trojan-activity;sid:84079610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216507/; classtype:trojan-activity;sid:84079607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.140.13.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216506/; classtype:trojan-activity;sid:84079606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216503/; classtype:trojan-activity;sid:84079603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.185.229.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216504/; classtype:trojan-activity;sid:84079604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.80.244.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216480/; classtype:trojan-activity;sid:84079580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.78.75.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216481/; classtype:trojan-activity;sid:84079581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.70.95.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216483/; classtype:trojan-activity;sid:84079583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216484/; classtype:trojan-activity;sid:84079584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.207.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216485/; classtype:trojan-activity;sid:84079585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.181.166.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216488/; classtype:trojan-activity;sid:84079588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.11.216.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216489/; classtype:trojan-activity;sid:84079589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.26.81.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216491/; classtype:trojan-activity;sid:84079591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.191.123.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216492/; classtype:trojan-activity;sid:84079592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.202.220.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216495/; classtype:trojan-activity;sid:84079595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216496/; classtype:trojan-activity;sid:84079596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216497/; classtype:trojan-activity;sid:84079597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.108.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216498/; classtype:trojan-activity;sid:84079598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.252.66.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216499/; classtype:trojan-activity;sid:84079599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.101.191.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216500/; classtype:trojan-activity;sid:84079600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216501/; classtype:trojan-activity;sid:84079601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216502/; classtype:trojan-activity;sid:84079602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.29.147.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216469/; classtype:trojan-activity;sid:84079569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.223.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216470/; classtype:trojan-activity;sid:84079570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216471/; classtype:trojan-activity;sid:84079571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.246.154.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216472/; classtype:trojan-activity;sid:84079572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.124.61.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216475/; classtype:trojan-activity;sid:84079575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.133.214.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216478/; classtype:trojan-activity;sid:84079578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.69.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216468/; classtype:trojan-activity;sid:84079568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216464/; classtype:trojan-activity;sid:84079564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.227.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216465/; classtype:trojan-activity;sid:84079565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216463/; classtype:trojan-activity;sid:84079563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216458)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.166.169.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216458/; classtype:trojan-activity;sid:84079558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216457)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"223.247.198.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216457/; classtype:trojan-activity;sid:84079557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216456)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216456/; classtype:trojan-activity;sid:84079556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216452)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"123.235.29.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216452/; classtype:trojan-activity;sid:84079552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216450)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.167.115.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216450/; classtype:trojan-activity;sid:84079550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216447)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.62.242.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216447/; classtype:trojan-activity;sid:84079547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216448)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.152.32.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216448/; classtype:trojan-activity;sid:84079548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216443)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216443/; classtype:trojan-activity;sid:84079543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216440)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.215.27.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216440/; classtype:trojan-activity;sid:84079540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216437)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216437/; classtype:trojan-activity;sid:84079537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216433)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"204.9.23.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216433/; classtype:trojan-activity;sid:84079533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216434)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.115.56.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216434/; classtype:trojan-activity;sid:84079534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216435)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216435/; classtype:trojan-activity;sid:84079535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216430)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.191.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216430/; classtype:trojan-activity;sid:84079530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216431)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.156.109.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216431/; classtype:trojan-activity;sid:84079531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216428)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.220.203.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216428/; classtype:trojan-activity;sid:84079528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216429)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"123.132.224.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216429/; classtype:trojan-activity;sid:84079529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.211.15.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216425/; classtype:trojan-activity;sid:84079525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216422)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"60.29.43.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216422/; classtype:trojan-activity;sid:84079522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216423)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.233.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216423/; classtype:trojan-activity;sid:84079523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216421)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.92.214.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216421/; classtype:trojan-activity;sid:84079521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216418)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.249.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216418/; classtype:trojan-activity;sid:84079518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.121.161.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216419/; classtype:trojan-activity;sid:84079519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.98.186.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216413/; classtype:trojan-activity;sid:84079513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.83.248.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216414/; classtype:trojan-activity;sid:84079514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216415)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.36.17.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216415/; classtype:trojan-activity;sid:84079515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216411)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"219.73.22.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216411/; classtype:trojan-activity;sid:84079511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216409)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.127.74.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216409/; classtype:trojan-activity;sid:84079509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216406)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.232.126.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216406/; classtype:trojan-activity;sid:84079506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216404)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.158.25.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216404/; classtype:trojan-activity;sid:84079504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216403)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"223.247.198.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216403/; classtype:trojan-activity;sid:84079503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216398)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.106.6.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216398/; classtype:trojan-activity;sid:84079498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216396)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216396/; classtype:trojan-activity;sid:84079496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216392)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"119.45.127.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216392/; classtype:trojan-activity;sid:84079492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216393)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.219.177.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216393/; classtype:trojan-activity;sid:84079493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216389)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.214.180.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216389/; classtype:trojan-activity;sid:84079489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216384)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.12.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216384/; classtype:trojan-activity;sid:84079484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216382)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216382/; classtype:trojan-activity;sid:84079482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216380)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.220.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216380/; classtype:trojan-activity;sid:84079480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216377)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.110.15.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216377/; classtype:trojan-activity;sid:84079477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216376)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.169.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216376/; classtype:trojan-activity;sid:84079476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216372)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216372/; classtype:trojan-activity;sid:84079472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216371)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.71.73.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216371/; classtype:trojan-activity;sid:84079471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216369)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.233.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216369/; classtype:trojan-activity;sid:84079469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216365)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216365/; classtype:trojan-activity;sid:84079465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216366)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"101.71.255.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216366/; classtype:trojan-activity;sid:84079466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216359)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216359/; classtype:trojan-activity;sid:84079459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216357)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"39.108.237.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216357/; classtype:trojan-activity;sid:84079457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216353)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.117.136.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216353/; classtype:trojan-activity;sid:84079453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216352)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.85.241.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216352/; classtype:trojan-activity;sid:84079452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216349)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.225.217.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216349/; classtype:trojan-activity;sid:84079449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216348)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.106.6.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216348/; classtype:trojan-activity;sid:84079448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216334)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.13.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216334/; classtype:trojan-activity;sid:84079434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216336)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"115.37.8.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216336/; classtype:trojan-activity;sid:84079436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216333)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.60.25.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216333/; classtype:trojan-activity;sid:84079433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216330)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.167.172.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216330/; classtype:trojan-activity;sid:84079430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216331)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.167.172.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216331/; classtype:trojan-activity;sid:84079431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216329/; classtype:trojan-activity;sid:84079429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216327)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.240.97.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216327/; classtype:trojan-activity;sid:84079427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216326)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216326/; classtype:trojan-activity;sid:84079426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216324)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.109.126.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216324/; classtype:trojan-activity;sid:84079424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216325)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.62.190.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216325/; classtype:trojan-activity;sid:84079425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216323)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.228.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216323/; classtype:trojan-activity;sid:84079423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216322/; classtype:trojan-activity;sid:84079422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216321)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216321/; classtype:trojan-activity;sid:84079421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.211.112.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216320/; classtype:trojan-activity;sid:84079420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216319)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.58.56.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216319/; classtype:trojan-activity;sid:84079419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216318)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216318/; classtype:trojan-activity;sid:84079418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216317)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.62.190.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216317/; classtype:trojan-activity;sid:84079417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216314)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216314/; classtype:trojan-activity;sid:84079414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216311)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.46.55.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216311/; classtype:trojan-activity;sid:84079411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216306)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216306/; classtype:trojan-activity;sid:84079406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216305)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.218.175.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216305/; classtype:trojan-activity;sid:84079405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.17.23.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216304/; classtype:trojan-activity;sid:84079404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216302/; classtype:trojan-activity;sid:84079402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.195.82.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216303/; classtype:trojan-activity;sid:84079403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216301/; classtype:trojan-activity;sid:84079401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216290)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%5bwin"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"117.50.184.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216290/; classtype:trojan-activity;sid:84079390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216244)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"149.202.79.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216244/; classtype:trojan-activity;sid:84079344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216194)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"149.202.79.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216194/; classtype:trojan-activity;sid:84079294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215997)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"117.72.74.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215997/; classtype:trojan-activity;sid:84079097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.70.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215858/; classtype:trojan-activity;sid:84078958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.206.226.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215856/; classtype:trojan-activity;sid:84078956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.236.126.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215857/; classtype:trojan-activity;sid:84078957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.128.81.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215845/; classtype:trojan-activity;sid:84078945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.4.70.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215846/; classtype:trojan-activity;sid:84078946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.246.83.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215844/; classtype:trojan-activity;sid:84078944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215838/; classtype:trojan-activity;sid:84078938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"156.155.176.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215839/; classtype:trojan-activity;sid:84078939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.70.207.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215841/; classtype:trojan-activity;sid:84078941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.124.61.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215842/; classtype:trojan-activity;sid:84078942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.252.8.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215843/; classtype:trojan-activity;sid:84078943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215834/; classtype:trojan-activity;sid:84078934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.202.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215835/; classtype:trojan-activity;sid:84078935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.254.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215831/; classtype:trojan-activity;sid:84078931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.74.207.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215832/; classtype:trojan-activity;sid:84078932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.111.30.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215819/; classtype:trojan-activity;sid:84078919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.185.229.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215820/; classtype:trojan-activity;sid:84078920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.185.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215822/; classtype:trojan-activity;sid:84078922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215823/; classtype:trojan-activity;sid:84078923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.225.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215826/; classtype:trojan-activity;sid:84078926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.74.246.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215827/; classtype:trojan-activity;sid:84078927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.160.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215829/; classtype:trojan-activity;sid:84078929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215830/; classtype:trojan-activity;sid:84078930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.83.178.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215814/; classtype:trojan-activity;sid:84078914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.57.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215816/; classtype:trojan-activity;sid:84078916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.36.25.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215817/; classtype:trojan-activity;sid:84078917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.174.32.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215812/; classtype:trojan-activity;sid:84078912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.51.180.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215813/; classtype:trojan-activity;sid:84078913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215810/; classtype:trojan-activity;sid:84078910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215811/; classtype:trojan-activity;sid:84078911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.113.103.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215798/; classtype:trojan-activity;sid:84078898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.234.151.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215799/; classtype:trojan-activity;sid:84078899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215800/; classtype:trojan-activity;sid:84078900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.35.34.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215804/; classtype:trojan-activity;sid:84078904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.233.158.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215805/; classtype:trojan-activity;sid:84078905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215806/; classtype:trojan-activity;sid:84078906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.216.164.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215807/; classtype:trojan-activity;sid:84078907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.95.14.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215809/; classtype:trojan-activity;sid:84078909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.74.29.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215777/; classtype:trojan-activity;sid:84078877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.151.108.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215780/; classtype:trojan-activity;sid:84078880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.70.0.22"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215782/; classtype:trojan-activity;sid:84078882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.23.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215784/; classtype:trojan-activity;sid:84078884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.233.63.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215785/; classtype:trojan-activity;sid:84078885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.7.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215787/; classtype:trojan-activity;sid:84078887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215788/; classtype:trojan-activity;sid:84078888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.246.106.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215790/; classtype:trojan-activity;sid:84078890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.11.216.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215791/; classtype:trojan-activity;sid:84078891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.179.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215792/; classtype:trojan-activity;sid:84078892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.112.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215793/; classtype:trojan-activity;sid:84078893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215794/; classtype:trojan-activity;sid:84078894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.221.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215795/; classtype:trojan-activity;sid:84078895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.49.18.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215774/; classtype:trojan-activity;sid:84078874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.193.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215775/; classtype:trojan-activity;sid:84078875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215776/; classtype:trojan-activity;sid:84078876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215772/; classtype:trojan-activity;sid:84078872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.172.187.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215485/; classtype:trojan-activity;sid:84078585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.16.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215484/; classtype:trojan-activity;sid:84078584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.203.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215481/; classtype:trojan-activity;sid:84078581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.203.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215482/; classtype:trojan-activity;sid:84078582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.26.81.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215483/; classtype:trojan-activity;sid:84078583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215478/; classtype:trojan-activity;sid:84078578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.246.154.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215479/; classtype:trojan-activity;sid:84078579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.124.105.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215470/; classtype:trojan-activity;sid:84078570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.103.100.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215471/; classtype:trojan-activity;sid:84078571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.153.80.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215472/; classtype:trojan-activity;sid:84078572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.155.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215473/; classtype:trojan-activity;sid:84078573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215474/; classtype:trojan-activity;sid:84078574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.135.26.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215476/; classtype:trojan-activity;sid:84078576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.68.68.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215467/; classtype:trojan-activity;sid:84078567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215468/; classtype:trojan-activity;sid:84078568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.185.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215462/; classtype:trojan-activity;sid:84078562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.160.87.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215463/; classtype:trojan-activity;sid:84078563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.98.186.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215464/; classtype:trojan-activity;sid:84078564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215465/; classtype:trojan-activity;sid:84078565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.253.126.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215450/; classtype:trojan-activity;sid:84078550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.185.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215451/; classtype:trojan-activity;sid:84078551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.78.75.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215452/; classtype:trojan-activity;sid:84078552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.107.239.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215453/; classtype:trojan-activity;sid:84078553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215455/; classtype:trojan-activity;sid:84078555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.195.82.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215456/; classtype:trojan-activity;sid:84078556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.139.18.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215457/; classtype:trojan-activity;sid:84078557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.59.103.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215458/; classtype:trojan-activity;sid:84078558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.209.107.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215446/; classtype:trojan-activity;sid:84078546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.9.34.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215447/; classtype:trojan-activity;sid:84078547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.223.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215449/; classtype:trojan-activity;sid:84078549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.218.42.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215442/; classtype:trojan-activity;sid:84078542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.204.218.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215433/; classtype:trojan-activity;sid:84078533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.91.236.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215434/; classtype:trojan-activity;sid:84078534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.219.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215435/; classtype:trojan-activity;sid:84078535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.75.32.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215437/; classtype:trojan-activity;sid:84078537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.148.163.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215438/; classtype:trojan-activity;sid:84078538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.140.13.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215439/; classtype:trojan-activity;sid:84078539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215440/; classtype:trojan-activity;sid:84078540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.43.80.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215430/; classtype:trojan-activity;sid:84078530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.169.63.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215431/; classtype:trojan-activity;sid:84078531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.15.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215424/; classtype:trojan-activity;sid:84078524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.82.211.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215425/; classtype:trojan-activity;sid:84078525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.200.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215426/; classtype:trojan-activity;sid:84078526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.147.127.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215427/; classtype:trojan-activity;sid:84078527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.141.241.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215429/; classtype:trojan-activity;sid:84078529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215421/; classtype:trojan-activity;sid:84078521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"206.214.35.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215422/; classtype:trojan-activity;sid:84078522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215420/; classtype:trojan-activity;sid:84078520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.235.33.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215416/; classtype:trojan-activity;sid:84078516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.255.217.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215417/; classtype:trojan-activity;sid:84078517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.252.114.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215418/; classtype:trojan-activity;sid:84078518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.189.56.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215419/; classtype:trojan-activity;sid:84078519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.209.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215409/; classtype:trojan-activity;sid:84078509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"130.185.229.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215411/; classtype:trojan-activity;sid:84078511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.185.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215414/; classtype:trojan-activity;sid:84078514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.114.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215403/; classtype:trojan-activity;sid:84078503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.223.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215404/; classtype:trojan-activity;sid:84078504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.234.186.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215400/; classtype:trojan-activity;sid:84078500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215401/; classtype:trojan-activity;sid:84078501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.149.81.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215402/; classtype:trojan-activity;sid:84078502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.166.89.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215390/; classtype:trojan-activity;sid:84078490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.203.89.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215392/; classtype:trojan-activity;sid:84078492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"134.249.141.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215393/; classtype:trojan-activity;sid:84078493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215399/; classtype:trojan-activity;sid:84078499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.251.68.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215384/; classtype:trojan-activity;sid:84078484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.204.58.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215387/; classtype:trojan-activity;sid:84078487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.61.103.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215388/; classtype:trojan-activity;sid:84078488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.116.62.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215380/; classtype:trojan-activity;sid:84078480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.242.50.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215381/; classtype:trojan-activity;sid:84078481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215382/; classtype:trojan-activity;sid:84078482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.251.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215383/; classtype:trojan-activity;sid:84078483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.232.94.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215376/; classtype:trojan-activity;sid:84078476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.85.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215377/; classtype:trojan-activity;sid:84078477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.204.104.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215378/; classtype:trojan-activity;sid:84078478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.97.137.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215379/; classtype:trojan-activity;sid:84078479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.23.192.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215366/; classtype:trojan-activity;sid:84078466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.213.121.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215368/; classtype:trojan-activity;sid:84078468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.160.128.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215369/; classtype:trojan-activity;sid:84078469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.103.63.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215370/; classtype:trojan-activity;sid:84078470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.238.209.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215371/; classtype:trojan-activity;sid:84078471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.105.196.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215372/; classtype:trojan-activity;sid:84078472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215358/; classtype:trojan-activity;sid:84078458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.166.197.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215359/; classtype:trojan-activity;sid:84078459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.109.148.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215360/; classtype:trojan-activity;sid:84078460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.11.75.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215361/; classtype:trojan-activity;sid:84078461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.132.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215362/; classtype:trojan-activity;sid:84078462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.223.60.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215363/; classtype:trojan-activity;sid:84078463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.112.212.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215364/; classtype:trojan-activity;sid:84078464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.254.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215365/; classtype:trojan-activity;sid:84078465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.211.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215356/; classtype:trojan-activity;sid:84078456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215357/; classtype:trojan-activity;sid:84078457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.61.70.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215353/; classtype:trojan-activity;sid:84078453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215327)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.115.230.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215327/; classtype:trojan-activity;sid:84078427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215328)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.46.212.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215328/; classtype:trojan-activity;sid:84078428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215322)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"112.124.68.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215322/; classtype:trojan-activity;sid:84078422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215323)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"60.204.134.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215323/; classtype:trojan-activity;sid:84078423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215319)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.147.234.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215319/; classtype:trojan-activity;sid:84078419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215296)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.134.12.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215296/; classtype:trojan-activity;sid:84078396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215297)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.148.5.183"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215297/; classtype:trojan-activity;sid:84078397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215292)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.92.86.239"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215292/; classtype:trojan-activity;sid:84078392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215293)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.242.1.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215293/; classtype:trojan-activity;sid:84078393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215278)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.13.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215278/; classtype:trojan-activity;sid:84078378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215259)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215259/; classtype:trojan-activity;sid:84078359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215255)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.141.166.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215255/; classtype:trojan-activity;sid:84078355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214637)"; flow:established,from_client; content:"GET"; http_method; content:"/earm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214637/; classtype:trojan-activity;sid:84077737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214638)"; flow:established,from_client; content:"GET"; http_method; content:"/eppc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214638/; classtype:trojan-activity;sid:84077738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214639)"; flow:established,from_client; content:"GET"; http_method; content:"/earm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214639/; classtype:trojan-activity;sid:84077739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214640)"; flow:established,from_client; content:"GET"; http_method; content:"/earm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214640/; classtype:trojan-activity;sid:84077740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214641)"; flow:established,from_client; content:"GET"; http_method; content:"/esh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214641/; classtype:trojan-activity;sid:84077741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214193)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.122.64.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214193/; classtype:trojan-activity;sid:84077293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214183)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.189.76.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214183/; classtype:trojan-activity;sid:84077283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214160)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.254.74.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214160/; classtype:trojan-activity;sid:84077260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214161)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.130.42.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214161/; classtype:trojan-activity;sid:84077261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214162)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.56.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214162/; classtype:trojan-activity;sid:84077262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214166)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.108.134.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214166/; classtype:trojan-activity;sid:84077266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214173)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.100.182.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214173/; classtype:trojan-activity;sid:84077273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214174)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.143.2.128"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214174/; classtype:trojan-activity;sid:84077274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214157)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.131.50.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214157/; classtype:trojan-activity;sid:84077257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214137)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.252.182.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214137/; classtype:trojan-activity;sid:84077237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214136)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.97.105.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214136/; classtype:trojan-activity;sid:84077236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214129)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.0.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214129/; classtype:trojan-activity;sid:84077229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214130)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.48.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214130/; classtype:trojan-activity;sid:84077230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214126)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"223.26.61.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214126/; classtype:trojan-activity;sid:84077226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214128)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"211.149.159.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214128/; classtype:trojan-activity;sid:84077228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214105)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.199.28.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214105/; classtype:trojan-activity;sid:84077205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214106)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.250.188.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214106/; classtype:trojan-activity;sid:84077206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214109)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.55.195.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214109/; classtype:trojan-activity;sid:84077209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214119)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.244.167.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214119/; classtype:trojan-activity;sid:84077219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214097)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.106.216.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214097/; classtype:trojan-activity;sid:84077197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214099)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.15.224.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214099/; classtype:trojan-activity;sid:84077199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.214.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214078/; classtype:trojan-activity;sid:84077178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213897)"; flow:established,from_client; content:"GET"; http_method; content:"/matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213897/; classtype:trojan-activity;sid:84076997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.247.214.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213563/; classtype:trojan-activity;sid:84076663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.214.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213507/; classtype:trojan-activity;sid:84076607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3209952)"; flow:established,from_client; content:"GET"; http_method; content:"/emips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_04; reference:url, urlhaus.abuse.ch/url/3209952/; classtype:trojan-activity;sid:84073052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3209936)"; flow:established,from_client; content:"GET"; http_method; content:"/empsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_04; reference:url, urlhaus.abuse.ch/url/3209936/; classtype:trojan-activity;sid:84073036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208612)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ewpeloxttug.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208612/; classtype:trojan-activity;sid:84071712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208614)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rstxdhuj.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208614/; classtype:trojan-activity;sid:84071714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208610)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newbundle2.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208610/; classtype:trojan-activity;sid:84071710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208611)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummetc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208611/; classtype:trojan-activity;sid:84071711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208605)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lgendpremium.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208605/; classtype:trojan-activity;sid:84071705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208603)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/deliciouspart.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208603/; classtype:trojan-activity;sid:84071703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208604)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pkcontent.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208604/; classtype:trojan-activity;sid:84071704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208362)"; flow:established,from_client; content:"GET"; http_method; content:"/erhtrnrtw/2.jpg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"passagetoeastafrica.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208362/; classtype:trojan-activity;sid:84071462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208345)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208345/; classtype:trojan-activity;sid:84071445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208342)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208342/; classtype:trojan-activity;sid:84071442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208343)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208343/; classtype:trojan-activity;sid:84071443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208334)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208334/; classtype:trojan-activity;sid:84071434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208335)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208335/; classtype:trojan-activity;sid:84071435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208336)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208336/; classtype:trojan-activity;sid:84071436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208337)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208337/; classtype:trojan-activity;sid:84071437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208339)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208339/; classtype:trojan-activity;sid:84071439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208340)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208340/; classtype:trojan-activity;sid:84071440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208315)"; flow:established,from_client; content:"GET"; http_method; content:"/download/3d%20builder_12_1201419.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"znrq.zifwxq.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208315/; classtype:trojan-activity;sid:84071415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208141)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.71.158.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208141/; classtype:trojan-activity;sid:84071241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208140)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.98.196.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208140/; classtype:trojan-activity;sid:84071240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208139)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.196.95.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208139/; classtype:trojan-activity;sid:84071239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208129)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.62.70.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208129/; classtype:trojan-activity;sid:84071229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3207963)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.103.109.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3207963/; classtype:trojan-activity;sid:84071063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3207955)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.14.126.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3207955/; classtype:trojan-activity;sid:84071055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3207907)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"80.64.30.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3207907/; classtype:trojan-activity;sid:84071007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206631)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"102.165.46.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206631/; classtype:trojan-activity;sid:84069731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206483)"; flow:established,from_client; content:"GET"; http_method; content:"/2/api/loader.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206483/; classtype:trojan-activity;sid:84069583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206484)"; flow:established,from_client; content:"GET"; http_method; content:"/2/api/bot64.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206484/; classtype:trojan-activity;sid:84069584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206293)"; flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/2pac.php"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206293/; classtype:trojan-activity;sid:84069393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3205869)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.174.32.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3205869/; classtype:trojan-activity;sid:84068969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3205093)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3205093/; classtype:trojan-activity;sid:84068193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204753/; classtype:trojan-activity;sid:84067853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204733/; classtype:trojan-activity;sid:84067833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204531)"; flow:established,from_client; content:"GET"; http_method; content:"/for_down/2013/new/dlls/rse/rsreport.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"download.suxiazai.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204531/; classtype:trojan-activity;sid:84067631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.70.82.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204188/; classtype:trojan-activity;sid:84067288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.70.82.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204154/; classtype:trojan-activity;sid:84067254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3203017)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/f3dll.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_01; reference:url, urlhaus.abuse.ch/url/3203017/; classtype:trojan-activity;sid:84066117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202309)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202309/; classtype:trojan-activity;sid:84065409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202310)"; flow:established,from_client; content:"GET"; http_method; content:"/c/earm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202310/; classtype:trojan-activity;sid:84065410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202311)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202311/; classtype:trojan-activity;sid:84065411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202312)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202312/; classtype:trojan-activity;sid:84065412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202313)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202313/; classtype:trojan-activity;sid:84065413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202293)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202293/; classtype:trojan-activity;sid:84065393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202295)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202295/; classtype:trojan-activity;sid:84065395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202297)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202297/; classtype:trojan-activity;sid:84065397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202299)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202299/; classtype:trojan-activity;sid:84065399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202300)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202300/; classtype:trojan-activity;sid:84065400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202301)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202301/; classtype:trojan-activity;sid:84065401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202304)"; flow:established,from_client; content:"GET"; http_method; content:"/c/empsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202304/; classtype:trojan-activity;sid:84065404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202305)"; flow:established,from_client; content:"GET"; http_method; content:"/c/t"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202305/; classtype:trojan-activity;sid:84065405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202306)"; flow:established,from_client; content:"GET"; http_method; content:"/c/emips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202306/; classtype:trojan-activity;sid:84065406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202307)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202307/; classtype:trojan-activity;sid:84065407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202285)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202285/; classtype:trojan-activity;sid:84065385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202286)"; flow:established,from_client; content:"GET"; http_method; content:"/c/earm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202286/; classtype:trojan-activity;sid:84065386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202287)"; flow:established,from_client; content:"GET"; http_method; content:"/c/emips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202287/; classtype:trojan-activity;sid:84065387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202288)"; flow:established,from_client; content:"GET"; http_method; content:"/c/eppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202288/; classtype:trojan-activity;sid:84065388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202289)"; flow:established,from_client; content:"GET"; http_method; content:"/c/earm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202289/; classtype:trojan-activity;sid:84065389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202290)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202290/; classtype:trojan-activity;sid:84065390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202291)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202291/; classtype:trojan-activity;sid:84065391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202254)"; flow:established,from_client; content:"GET"; http_method; content:"/c/empsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202254/; classtype:trojan-activity;sid:84065354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202255)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202255/; classtype:trojan-activity;sid:84065355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202257)"; flow:established,from_client; content:"GET"; http_method; content:"/c/eppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202257/; classtype:trojan-activity;sid:84065357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202262)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202262/; classtype:trojan-activity;sid:84065362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202263)"; flow:established,from_client; content:"GET"; http_method; content:"/c/esh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202263/; classtype:trojan-activity;sid:84065363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202264)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202264/; classtype:trojan-activity;sid:84065364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202265)"; flow:established,from_client; content:"GET"; http_method; content:"/c/esh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202265/; classtype:trojan-activity;sid:84065365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202269)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202269/; classtype:trojan-activity;sid:84065369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202271)"; flow:established,from_client; content:"GET"; http_method; content:"/c/t"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202271/; classtype:trojan-activity;sid:84065371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202272)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202272/; classtype:trojan-activity;sid:84065372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202274)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202274/; classtype:trojan-activity;sid:84065374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202275)"; flow:established,from_client; content:"GET"; http_method; content:"/c/earm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202275/; classtype:trojan-activity;sid:84065375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202276)"; flow:established,from_client; content:"GET"; http_method; content:"/c/earm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202276/; classtype:trojan-activity;sid:84065376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202277)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202277/; classtype:trojan-activity;sid:84065377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202278)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.clavity.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202278/; classtype:trojan-activity;sid:84065378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202280)"; flow:established,from_client; content:"GET"; http_method; content:"/c/earm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"clavity.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202280/; classtype:trojan-activity;sid:84065380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202173)"; flow:established,from_client; content:"GET"; http_method; content:"/c/eppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202173/; classtype:trojan-activity;sid:84065273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202169)"; flow:established,from_client; content:"GET"; http_method; content:"/c/t"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202169/; classtype:trojan-activity;sid:84065269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202168)"; flow:established,from_client; content:"GET"; http_method; content:"/c/esh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202168/; classtype:trojan-activity;sid:84065268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202166)"; flow:established,from_client; content:"GET"; http_method; content:"/c/earm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202166/; classtype:trojan-activity;sid:84065266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202167)"; flow:established,from_client; content:"GET"; http_method; content:"/c/empsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202167/; classtype:trojan-activity;sid:84065267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202163)"; flow:established,from_client; content:"GET"; http_method; content:"/c/earm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202163/; classtype:trojan-activity;sid:84065263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202164)"; flow:established,from_client; content:"GET"; http_method; content:"/c/earm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202164/; classtype:trojan-activity;sid:84065264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202165)"; flow:established,from_client; content:"GET"; http_method; content:"/c/emips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202165/; classtype:trojan-activity;sid:84065265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202083)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/dj1.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202083/; classtype:trojan-activity;sid:84065183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3201686)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=18-jwgmnsvcsyj0vhz_f9cqmqhwd-8fq8"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3201686/; classtype:trojan-activity;sid:84064786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3201676)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zjiuyifrkwemay58vp5hw7q3tqzhafaw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3201676/; classtype:trojan-activity;sid:84064776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3200739)"; flow:established,from_client; content:"GET"; http_method; content:"/fissionbaby/file/fissionbabyv242.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"tianyinsoft.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_29; reference:url, urlhaus.abuse.ch/url/3200739/; classtype:trojan-activity;sid:84063839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3200548)"; flow:established,from_client; content:"GET"; http_method; content:"/slinky/slinkycrack.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"crystalpvp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_29; reference:url, urlhaus.abuse.ch/url/3200548/; classtype:trojan-activity;sid:84063648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3199828)"; flow:established,from_client; content:"GET"; http_method; content:"/0703_uac_doc.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"47.108.236.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_29; reference:url, urlhaus.abuse.ch/url/3199828/; classtype:trojan-activity;sid:84062928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198896)"; flow:established,from_client; content:"GET"; http_method; content:"/itplan.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198896/; classtype:trojan-activity;sid:84061996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198884)"; flow:established,from_client; content:"GET"; http_method; content:"/itplan.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198884/; classtype:trojan-activity;sid:84061984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198881)"; flow:established,from_client; content:"GET"; http_method; content:"/it_plan_cifs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198881/; classtype:trojan-activity;sid:84061981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198880)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%99%9a%e6%8b%9f%e6%9c%ba%e9%9a%8f%e6%9c%bamac.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"180.140.124.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198880/; classtype:trojan-activity;sid:84061980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198873)"; flow:established,from_client; content:"GET"; http_method; content:"/it_plan_cifs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198873/; classtype:trojan-activity;sid:84061973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198849)"; flow:established,from_client; content:"GET"; http_method; content:"/tstory.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198849/; classtype:trojan-activity;sid:84061949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198830)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%99%9a%e6%8b%9f%e6%9c%ba%e6%8e%92%e5%88%97.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"180.140.124.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198830/; classtype:trojan-activity;sid:84061930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198771)"; flow:established,from_client; content:"GET"; http_method; content:"/9402.tmp.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"195.60.232.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198771/; classtype:trojan-activity;sid:84061871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198763)"; flow:established,from_client; content:"GET"; http_method; content:"/python3.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"39.100.33.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198763/; classtype:trojan-activity;sid:84061863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198759)"; flow:established,from_client; content:"GET"; http_method; content:"/psexec64.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198759/; classtype:trojan-activity;sid:84061859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198753)"; flow:established,from_client; content:"GET"; http_method; content:"/pinginfoview.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198753/; classtype:trojan-activity;sid:84061853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198751)"; flow:established,from_client; content:"GET"; http_method; content:"/notmyfault.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"195.60.232.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198751/; classtype:trojan-activity;sid:84061851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198713)"; flow:established,from_client; content:"GET"; http_method; content:"/tstory.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198713/; classtype:trojan-activity;sid:84061813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198703)"; flow:established,from_client; content:"GET"; http_method; content:"/naver.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198703/; classtype:trojan-activity;sid:84061803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198696)"; flow:established,from_client; content:"GET"; http_method; content:"/cen22.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.100.33.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198696/; classtype:trojan-activity;sid:84061796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198687)"; flow:established,from_client; content:"GET"; http_method; content:"/bluescreen.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"195.60.232.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198687/; classtype:trojan-activity;sid:84061787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195888)"; flow:established,from_client; content:"GET"; http_method; content:"/dllgiris.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.188.137.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195888/; classtype:trojan-activity;sid:84058988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195889)"; flow:established,from_client; content:"GET"; http_method; content:"/dllgiris.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"85.105.116.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195889/; classtype:trojan-activity;sid:84058989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195887)"; flow:established,from_client; content:"GET"; http_method; content:"/dllgiris.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"212.98.231.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195887/; classtype:trojan-activity;sid:84058987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195883)"; flow:established,from_client; content:"GET"; http_method; content:"/scanport.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195883/; classtype:trojan-activity;sid:84058983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195851)"; flow:established,from_client; content:"GET"; http_method; content:"/hid.dll"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"112.124.28.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195851/; classtype:trojan-activity;sid:84058951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195849)"; flow:established,from_client; content:"GET"; http_method; content:"/nc.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.124.28.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195849/; classtype:trojan-activity;sid:84058949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195848)"; flow:established,from_client; content:"GET"; http_method; content:"/client-built.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"39.105.31.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195848/; classtype:trojan-activity;sid:84058948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195847)"; flow:established,from_client; content:"GET"; http_method; content:"/abc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"39.105.31.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195847/; classtype:trojan-activity;sid:84058947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195831)"; flow:established,from_client; content:"GET"; http_method; content:"/winbox/winbox.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.123.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195831/; classtype:trojan-activity;sid:84058931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195832)"; flow:established,from_client; content:"GET"; http_method; content:"/winbox/winbox.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.123.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195832/; classtype:trojan-activity;sid:84058932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195759)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195759/; classtype:trojan-activity;sid:84058859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195737)"; flow:established,from_client; content:"GET"; http_method; content:"/ipscan221.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"58.149.249.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195737/; classtype:trojan-activity;sid:84058837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195736)"; flow:established,from_client; content:"GET"; http_method; content:"/fx8"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"123.57.250.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195736/; classtype:trojan-activity;sid:84058836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195720)"; flow:established,from_client; content:"GET"; http_method; content:"/imgdisk.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"141.147.155.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195720/; classtype:trojan-activity;sid:84058820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195292)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%b8%85%e7%90%86%e5%9e%83%e5%9c%be.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"39.103.217.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195292/; classtype:trojan-activity;sid:84058392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195274)"; flow:established,from_client; content:"GET"; http_method; content:"/pesinislem.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"78.186.157.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195274/; classtype:trojan-activity;sid:84058374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195275)"; flow:established,from_client; content:"GET"; http_method; content:"/pesinislem.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.156.209.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195275/; classtype:trojan-activity;sid:84058375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195257)"; flow:established,from_client; content:"GET"; http_method; content:"/fiddlersetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.123.237.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195257/; classtype:trojan-activity;sid:84058357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195255)"; flow:established,from_client; content:"GET"; http_method; content:"/exsync.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.137.135.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195255/; classtype:trojan-activity;sid:84058355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195232)"; flow:established,from_client; content:"GET"; http_method; content:"/git_win.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195232/; classtype:trojan-activity;sid:84058332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195233)"; flow:established,from_client; content:"GET"; http_method; content:"/documents_win.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195233/; classtype:trojan-activity;sid:84058333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195234)"; flow:established,from_client; content:"GET"; http_method; content:"/macro2.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195234/; classtype:trojan-activity;sid:84058334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195235)"; flow:established,from_client; content:"GET"; http_method; content:"/excel.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195235/; classtype:trojan-activity;sid:84058335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195236)"; flow:established,from_client; content:"GET"; http_method; content:"/obs_win.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195236/; classtype:trojan-activity;sid:84058336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195237)"; flow:established,from_client; content:"GET"; http_method; content:"/macro.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195237/; classtype:trojan-activity;sid:84058337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195225)"; flow:established,from_client; content:"GET"; http_method; content:"/documents.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195225/; classtype:trojan-activity;sid:84058325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195226)"; flow:established,from_client; content:"GET"; http_method; content:"/obs_lin.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195226/; classtype:trojan-activity;sid:84058326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195227)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195227/; classtype:trojan-activity;sid:84058327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195228)"; flow:established,from_client; content:"GET"; http_method; content:"/beta.hta"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195228/; classtype:trojan-activity;sid:84058328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195229)"; flow:established,from_client; content:"GET"; http_method; content:"/git.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195229/; classtype:trojan-activity;sid:84058329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195221)"; flow:established,from_client; content:"GET"; http_method; content:"/ubolite_0.1.23.6055.chromium.mv3.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195221/; classtype:trojan-activity;sid:84058321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195215)"; flow:established,from_client; content:"GET"; http_method; content:"/utility.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195215/; classtype:trojan-activity;sid:84058315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195216)"; flow:established,from_client; content:"GET"; http_method; content:"/journal.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195216/; classtype:trojan-activity;sid:84058316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195217)"; flow:established,from_client; content:"GET"; http_method; content:"/monitor.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195217/; classtype:trojan-activity;sid:84058317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195218)"; flow:established,from_client; content:"GET"; http_method; content:"/documents.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195218/; classtype:trojan-activity;sid:84058318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195219)"; flow:established,from_client; content:"GET"; http_method; content:"/macro3.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195219/; classtype:trojan-activity;sid:84058319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195220)"; flow:established,from_client; content:"GET"; http_method; content:"/bypass.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195220/; classtype:trojan-activity;sid:84058320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195211)"; flow:established,from_client; content:"GET"; http_method; content:"/macro.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195211/; classtype:trojan-activity;sid:84058311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195212)"; flow:established,from_client; content:"GET"; http_method; content:"/tracker.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195212/; classtype:trojan-activity;sid:84058312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195213)"; flow:established,from_client; content:"GET"; http_method; content:"/excel.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195213/; classtype:trojan-activity;sid:84058313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195214)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195214/; classtype:trojan-activity;sid:84058314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195210)"; flow:established,from_client; content:"GET"; http_method; content:"/prototype2.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195210/; classtype:trojan-activity;sid:84058310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195204)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195204/; classtype:trojan-activity;sid:84058304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195205)"; flow:established,from_client; content:"GET"; http_method; content:"/documentsexe.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195205/; classtype:trojan-activity;sid:84058305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195206)"; flow:established,from_client; content:"GET"; http_method; content:"/organiser3.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195206/; classtype:trojan-activity;sid:84058306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195207)"; flow:established,from_client; content:"GET"; http_method; content:"/beta2.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195207/; classtype:trojan-activity;sid:84058307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195198)"; flow:established,from_client; content:"GET"; http_method; content:"/organiser2.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195198/; classtype:trojan-activity;sid:84058298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195199)"; flow:established,from_client; content:"GET"; http_method; content:"/extension2.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195199/; classtype:trojan-activity;sid:84058299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195200)"; flow:established,from_client; content:"GET"; http_method; content:"/accounts.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195200/; classtype:trojan-activity;sid:84058300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195201)"; flow:established,from_client; content:"GET"; http_method; content:"/trial.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195201/; classtype:trojan-activity;sid:84058301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195202)"; flow:established,from_client; content:"GET"; http_method; content:"/extension.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195202/; classtype:trojan-activity;sid:84058302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195203)"; flow:established,from_client; content:"GET"; http_method; content:"/prototype.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195203/; classtype:trojan-activity;sid:84058303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195187)"; flow:established,from_client; content:"GET"; http_method; content:"/journal.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195187/; classtype:trojan-activity;sid:84058287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195188)"; flow:established,from_client; content:"GET"; http_method; content:"/monitor.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195188/; classtype:trojan-activity;sid:84058288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195189)"; flow:established,from_client; content:"GET"; http_method; content:"/utility2.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195189/; classtype:trojan-activity;sid:84058289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195190)"; flow:established,from_client; content:"GET"; http_method; content:"/avos.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195190/; classtype:trojan-activity;sid:84058290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195177)"; flow:established,from_client; content:"GET"; http_method; content:"/charter.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195177/; classtype:trojan-activity;sid:84058277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195178)"; flow:established,from_client; content:"GET"; http_method; content:"/set_up.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195178/; classtype:trojan-activity;sid:84058278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195179)"; flow:established,from_client; content:"GET"; http_method; content:"/excel.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195179/; classtype:trojan-activity;sid:84058279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195181)"; flow:established,from_client; content:"GET"; http_method; content:"/documents.elf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195181/; classtype:trojan-activity;sid:84058281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195182)"; flow:established,from_client; content:"GET"; http_method; content:"/session.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195182/; classtype:trojan-activity;sid:84058282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195183)"; flow:established,from_client; content:"GET"; http_method; content:"/prototype.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195183/; classtype:trojan-activity;sid:84058283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195184)"; flow:established,from_client; content:"GET"; http_method; content:"/documents.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195184/; classtype:trojan-activity;sid:84058284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195185)"; flow:established,from_client; content:"GET"; http_method; content:"/macro2.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195185/; classtype:trojan-activity;sid:84058285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195186)"; flow:established,from_client; content:"GET"; http_method; content:"/uploader.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195186/; classtype:trojan-activity;sid:84058286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195168)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher.elf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195168/; classtype:trojan-activity;sid:84058268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195169)"; flow:established,from_client; content:"GET"; http_method; content:"/uploader.elf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195169/; classtype:trojan-activity;sid:84058269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195170)"; flow:established,from_client; content:"GET"; http_method; content:"/service.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195170/; classtype:trojan-activity;sid:84058270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195171)"; flow:established,from_client; content:"GET"; http_method; content:"/icon.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195171/; classtype:trojan-activity;sid:84058271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195172)"; flow:established,from_client; content:"GET"; http_method; content:"/extension2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195172/; classtype:trojan-activity;sid:84058272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195173)"; flow:established,from_client; content:"GET"; http_method; content:"/organiser.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195173/; classtype:trojan-activity;sid:84058273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195174)"; flow:established,from_client; content:"GET"; http_method; content:"/tracker.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195174/; classtype:trojan-activity;sid:84058274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195175)"; flow:established,from_client; content:"GET"; http_method; content:"/utility3.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195175/; classtype:trojan-activity;sid:84058275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195176)"; flow:established,from_client; content:"GET"; http_method; content:"/meeting.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195176/; classtype:trojan-activity;sid:84058276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195166)"; flow:established,from_client; content:"GET"; http_method; content:"/aact.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"218.22.21.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195166/; classtype:trojan-activity;sid:84058266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195157)"; flow:established,from_client; content:"GET"; http_method; content:"/chromesetup.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195157/; classtype:trojan-activity;sid:84058257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3194591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.0.194.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3194591/; classtype:trojan-activity;sid:84057691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3194159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.241.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3194159/; classtype:trojan-activity;sid:84057259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193861)"; flow:established,from_client; content:"GET"; http_method; content:"/massgravel/microsoft-activation-scripts/b1b5299c4725d97349b18b59061647198f7cc59b/mas/all-in-one-version-kl/mas_aio.cmd"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193861/; classtype:trojan-activity;sid:84056961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192740)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192740/; classtype:trojan-activity;sid:84055840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192738)"; flow:established,from_client; content:"GET"; http_method; content:"/sq1mon-v.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192738/; classtype:trojan-activity;sid:84055838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192737)"; flow:established,from_client; content:"GET"; http_method; content:"/library.so"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192737/; classtype:trojan-activity;sid:84055837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192735)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192735/; classtype:trojan-activity;sid:84055835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192736)"; flow:established,from_client; content:"GET"; http_method; content:"/data.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192736/; classtype:trojan-activity;sid:84055836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192734)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192734/; classtype:trojan-activity;sid:84055834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192733)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_lagacy.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192733/; classtype:trojan-activity;sid:84055833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192732)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192732/; classtype:trojan-activity;sid:84055832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192730)"; flow:established,from_client; content:"GET"; http_method; content:"/cabbage.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192730/; classtype:trojan-activity;sid:84055830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192568)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz_trunk/win32/mimikatz.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"120.25.163.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192568/; classtype:trojan-activity;sid:84055668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191857)"; flow:established,from_client; content:"GET"; http_method; content:"/alfa_shtml/photo.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"120.77.253.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191857/; classtype:trojan-activity;sid:84054957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191130)"; flow:established,from_client; content:"GET"; http_method; content:"/eodgqfp132.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cmgtrading.eu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3191130/; classtype:trojan-activity;sid:84054230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191037)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.125.11.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3191037/; classtype:trojan-activity;sid:84054137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190997)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190997/; classtype:trojan-activity;sid:84054097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190974)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"223.223.179.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190974/; classtype:trojan-activity;sid:84054074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190969)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.50.95.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190969/; classtype:trojan-activity;sid:84054069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190948)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190948/; classtype:trojan-activity;sid:84054048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190945)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.206.151.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190945/; classtype:trojan-activity;sid:84054045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190937)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.44.116.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190937/; classtype:trojan-activity;sid:84054037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190926)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.125.11.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190926/; classtype:trojan-activity;sid:84054026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190920)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.50.95.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190920/; classtype:trojan-activity;sid:84054020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190808)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.125.11.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190808/; classtype:trojan-activity;sid:84053908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190775)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190775/; classtype:trojan-activity;sid:84053875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190745)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190745/; classtype:trojan-activity;sid:84053845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190729)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190729/; classtype:trojan-activity;sid:84053829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190704)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190704/; classtype:trojan-activity;sid:84053804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190712)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.125.11.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190712/; classtype:trojan-activity;sid:84053812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190692)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.50.95.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190692/; classtype:trojan-activity;sid:84053792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190693)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.50.95.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190693/; classtype:trojan-activity;sid:84053793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190662)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader1.1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190662/; classtype:trojan-activity;sid:84053762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190652)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.206.151.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190652/; classtype:trojan-activity;sid:84053752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190650)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"116.206.151.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190650/; classtype:trojan-activity;sid:84053750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190651)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader1.1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.206.151.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190651/; classtype:trojan-activity;sid:84053751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190642)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.92.101.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190642/; classtype:trojan-activity;sid:84053742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190640)"; flow:established,from_client; content:"GET"; http_method; content:"/sysloader.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8.138.81.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190640/; classtype:trojan-activity;sid:84053740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190579)"; flow:established,from_client; content:"GET"; http_method; content:"/nn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"23.95.79.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190579/; classtype:trojan-activity;sid:84053679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190578)"; flow:established,from_client; content:"GET"; http_method; content:"/cnrig"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.95.79.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190578/; classtype:trojan-activity;sid:84053678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190400)"; flow:established,from_client; content:"GET"; http_method; content:"/sc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"23.95.79.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190400/; classtype:trojan-activity;sid:84053500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190382)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.242.12.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190382/; classtype:trojan-activity;sid:84053482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190347)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190347/; classtype:trojan-activity;sid:84053447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190343)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190343/; classtype:trojan-activity;sid:84053443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190344)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"110.239.6.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190344/; classtype:trojan-activity;sid:84053444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190338)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190338/; classtype:trojan-activity;sid:84053438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190326)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190326/; classtype:trojan-activity;sid:84053426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190327)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190327/; classtype:trojan-activity;sid:84053427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190328)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190328/; classtype:trojan-activity;sid:84053428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190329)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.89.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190329/; classtype:trojan-activity;sid:84053429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190330)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.89.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190330/; classtype:trojan-activity;sid:84053430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190331)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190331/; classtype:trojan-activity;sid:84053431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190332)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190332/; classtype:trojan-activity;sid:84053432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190333)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"110.239.6.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190333/; classtype:trojan-activity;sid:84053433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190335)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190335/; classtype:trojan-activity;sid:84053435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190336)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190336/; classtype:trojan-activity;sid:84053436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190325)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190325/; classtype:trojan-activity;sid:84053425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190320)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190320/; classtype:trojan-activity;sid:84053420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190321)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190321/; classtype:trojan-activity;sid:84053421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190322)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190322/; classtype:trojan-activity;sid:84053422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190323/; classtype:trojan-activity;sid:84053423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190316)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190316/; classtype:trojan-activity;sid:84053416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190317)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190317/; classtype:trojan-activity;sid:84053417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190318)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190318/; classtype:trojan-activity;sid:84053418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190319)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190319/; classtype:trojan-activity;sid:84053419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190197)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/cyber-city-53e23.appspot.com/o/base.txt|3f|alt=media|7c|26|7c|token=c5cbd710-7d53-4b3a-87ac-6d45c902be57"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190197/; classtype:trojan-activity;sid:84053297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190183)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/descargas-dc4d6.appspot.com/o/envios-nuevos.txt|3f|alt=media|7c|26|7c|token=ce690a60-78eb-401b-bfc6-1dc825e194b2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190183/; classtype:trojan-activity;sid:84053283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189430)"; flow:established,from_client; content:"GET"; http_method; content:"/thebig/getlab.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.113.115.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189430/; classtype:trojan-activity;sid:84052530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189426)"; flow:established,from_client; content:"GET"; http_method; content:"/thebig/stories.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.113.115.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189426/; classtype:trojan-activity;sid:84052526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189365)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/installeraus.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189365/; classtype:trojan-activity;sid:84052465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189290)"; flow:established,from_client; content:"GET"; http_method; content:"/2009/mdagfqvaa2gkfvxxponi.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189290/; classtype:trojan-activity;sid:84052390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189225)"; flow:established,from_client; content:"GET"; http_method; content:"/unknwon1352/qawfdasfaw/main/software.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189225/; classtype:trojan-activity;sid:84052325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188620)"; flow:established,from_client; content:"GET"; http_method; content:"/repository/aa_v3.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"83.149.17.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3188620/; classtype:trojan-activity;sid:84051720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188034)"; flow:established,from_client; content:"GET"; http_method; content:"/blueskyxn/changesource/master/besttrace"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3188034/; classtype:trojan-activity;sid:84051134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188025)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3188025/; classtype:trojan-activity;sid:84051125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187608)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187608/; classtype:trojan-activity;sid:84050708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187607)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187607/; classtype:trojan-activity;sid:84050707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187582)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/temp/_rels/key.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pb.agnt.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187582/; classtype:trojan-activity;sid:84050682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187580)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/blackload.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187580/; classtype:trojan-activity;sid:84050680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187576)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/unison.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187576/; classtype:trojan-activity;sid:84050676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187577)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winrarinstall.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187577/; classtype:trojan-activity;sid:84050677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187575)"; flow:established,from_client; content:"GET"; http_method; content:"/7z.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"down.mvip8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187575/; classtype:trojan-activity;sid:84050675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187570)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ufw.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187570/; classtype:trojan-activity;sid:84050670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187553)"; flow:established,from_client; content:"GET"; http_method; content:"/download/%e5%9b%9b%e6%96%b9%e5%b9%b3%e5%8f%b0-%e5%8d%a1%e5%95%86%e7%ab%af.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"sms-szfang.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187553/; classtype:trojan-activity;sid:84050653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186441)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.6.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186441/; classtype:trojan-activity;sid:84049541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186440)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.iso"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186440/; classtype:trojan-activity;sid:84049540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186439)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.4.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186439/; classtype:trojan-activity;sid:84049539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186434)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_win_tool_v9.6.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186434/; classtype:trojan-activity;sid:84049534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186433)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_win_tool_v9.6.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186433/; classtype:trojan-activity;sid:84049533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186432)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.iso"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186432/; classtype:trojan-activity;sid:84049532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186431)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186431/; classtype:trojan-activity;sid:84049531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186430)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186430/; classtype:trojan-activity;sid:84049530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186429)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.4.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186429/; classtype:trojan-activity;sid:84049529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186426)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_windowsport.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186426/; classtype:trojan-activity;sid:84049526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186427)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.6.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186427/; classtype:trojan-activity;sid:84049527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185948)"; flow:established,from_client; content:"GET"; http_method; content:"//macro.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185948/; classtype:trojan-activity;sid:84049048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185946)"; flow:established,from_client; content:"GET"; http_method; content:"//ubolite_0.1.23.6055.chromium.mv3.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185946/; classtype:trojan-activity;sid:84049046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185944)"; flow:established,from_client; content:"GET"; http_method; content:"//beta2.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185944/; classtype:trojan-activity;sid:84049044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185938)"; flow:established,from_client; content:"GET"; http_method; content:"//prototype.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185938/; classtype:trojan-activity;sid:84049038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185939)"; flow:established,from_client; content:"GET"; http_method; content:"//prototype2.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185939/; classtype:trojan-activity;sid:84049039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185940)"; flow:established,from_client; content:"GET"; http_method; content:"//journal.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185940/; classtype:trojan-activity;sid:84049040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185942)"; flow:established,from_client; content:"GET"; http_method; content:"//tracker.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185942/; classtype:trojan-activity;sid:84049042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185943)"; flow:established,from_client; content:"GET"; http_method; content:"//extension2.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185943/; classtype:trojan-activity;sid:84049043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185935)"; flow:established,from_client; content:"GET"; http_method; content:"//monitor.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185935/; classtype:trojan-activity;sid:84049035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185936)"; flow:established,from_client; content:"GET"; http_method; content:"//utility3.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185936/; classtype:trojan-activity;sid:84049036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185937)"; flow:established,from_client; content:"GET"; http_method; content:"//trial.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185937/; classtype:trojan-activity;sid:84049037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185934)"; flow:established,from_client; content:"GET"; http_method; content:"//organiser3.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185934/; classtype:trojan-activity;sid:84049034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185927)"; flow:established,from_client; content:"GET"; http_method; content:"//organiser2.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185927/; classtype:trojan-activity;sid:84049027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185928)"; flow:established,from_client; content:"GET"; http_method; content:"//service.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185928/; classtype:trojan-activity;sid:84049028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185930)"; flow:established,from_client; content:"GET"; http_method; content:"//launcher.elf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185930/; classtype:trojan-activity;sid:84049030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185931)"; flow:established,from_client; content:"GET"; http_method; content:"//utility2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185931/; classtype:trojan-activity;sid:84049031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185932)"; flow:established,from_client; content:"GET"; http_method; content:"//utility.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185932/; classtype:trojan-activity;sid:84049032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185933)"; flow:established,from_client; content:"GET"; http_method; content:"//setup.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185933/; classtype:trojan-activity;sid:84049033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185926)"; flow:established,from_client; content:"GET"; http_method; content:"//excel.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185926/; classtype:trojan-activity;sid:84049026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185924)"; flow:established,from_client; content:"GET"; http_method; content:"//uploader.elf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185924/; classtype:trojan-activity;sid:84049024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185922)"; flow:established,from_client; content:"GET"; http_method; content:"//meeting.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185922/; classtype:trojan-activity;sid:84049022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185920)"; flow:established,from_client; content:"GET"; http_method; content:"//prototype.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185920/; classtype:trojan-activity;sid:84049020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185912)"; flow:established,from_client; content:"GET"; http_method; content:"//tracker.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185912/; classtype:trojan-activity;sid:84049012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185913)"; flow:established,from_client; content:"GET"; http_method; content:"//extension.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185913/; classtype:trojan-activity;sid:84049013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185914)"; flow:established,from_client; content:"GET"; http_method; content:"//organiser.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185914/; classtype:trojan-activity;sid:84049014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185916)"; flow:established,from_client; content:"GET"; http_method; content:"//charter.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185916/; classtype:trojan-activity;sid:84049016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185917)"; flow:established,from_client; content:"GET"; http_method; content:"//accounts.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185917/; classtype:trojan-activity;sid:84049017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185918)"; flow:established,from_client; content:"GET"; http_method; content:"//journal.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185918/; classtype:trojan-activity;sid:84049018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185919)"; flow:established,from_client; content:"GET"; http_method; content:"//uploader.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185919/; classtype:trojan-activity;sid:84049019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185909)"; flow:established,from_client; content:"GET"; http_method; content:"//excel.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185909/; classtype:trojan-activity;sid:84049009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185910)"; flow:established,from_client; content:"GET"; http_method; content:"//icon.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185910/; classtype:trojan-activity;sid:84049010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185911)"; flow:established,from_client; content:"GET"; http_method; content:"//extension2.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185911/; classtype:trojan-activity;sid:84049011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185853)"; flow:established,from_client; content:"GET"; http_method; content:"/mysqld.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.238.84.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185853/; classtype:trojan-activity;sid:84048953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185566)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/ds1.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185566/; classtype:trojan-activity;sid:84048666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185567)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rf.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185567/; classtype:trojan-activity;sid:84048667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185568)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rs.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185568/; classtype:trojan-activity;sid:84048668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185560)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/j1.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185560/; classtype:trojan-activity;sid:84048660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185561)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rtj.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185561/; classtype:trojan-activity;sid:84048661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185562)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rrtt.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185562/; classtype:trojan-activity;sid:84048662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185564)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/k1r.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185564/; classtype:trojan-activity;sid:84048664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185565)"; flow:established,from_client; content:"GET"; http_method; content:"/qq-1950222243-x%e2%80%aexcod.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"8.130.82.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185565/; classtype:trojan-activity;sid:84048665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185053)"; flow:established,from_client; content:"GET"; http_method; content:"/api/nusjygs.pack"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185053/; classtype:trojan-activity;sid:84048153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185054)"; flow:established,from_client; content:"GET"; http_method; content:"/api/diamotrix.pack"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185054/; classtype:trojan-activity;sid:84048154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185021)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"1.92.146.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185021/; classtype:trojan-activity;sid:84048121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185020)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"1.92.146.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185020/; classtype:trojan-activity;sid:84048120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185019)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"1.92.146.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185019/; classtype:trojan-activity;sid:84048119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185018)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"1.92.146.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185018/; classtype:trojan-activity;sid:84048118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185017)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"1.92.146.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185017/; classtype:trojan-activity;sid:84048117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185016)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"1.92.146.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185016/; classtype:trojan-activity;sid:84048116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185015)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"1.92.146.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185015/; classtype:trojan-activity;sid:84048115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184928)"; flow:established,from_client; content:"GET"; http_method; content:"/download/new_image_vbs/new_image_vbs.jpg"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184928/; classtype:trojan-activity;sid:84048028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184777)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/game.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.110.33.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184777/; classtype:trojan-activity;sid:84047877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184776)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/config.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"103.110.33.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184776/; classtype:trojan-activity;sid:84047876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184769)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/autoupdate.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"103.110.33.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184769/; classtype:trojan-activity;sid:84047869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184301)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/needmoney.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184301/; classtype:trojan-activity;sid:84047401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184299)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/firefox.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184299/; classtype:trojan-activity;sid:84047399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184293)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/microsoft.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184293/; classtype:trojan-activity;sid:84047393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184284)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac222222.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184284/; classtype:trojan-activity;sid:84047384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3179273)"; flow:established,from_client; content:"GET"; http_method; content:"/spetterman66/verynicerepo/main/xmr-go.sh"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_18; reference:url, urlhaus.abuse.ch/url/3179273/; classtype:trojan-activity;sid:84042373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178439)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/aaaaa-dc2a3.appspot.com/o/dlllllll.txt|3f|alt=media|7c|26|7c|token=fdca0921-d71f-49dc-bdf6-08168b6bad86"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178439/; classtype:trojan-activity;sid:84041539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178396)"; flow:established,from_client; content:"GET"; http_method; content:"/6/items/detah-note-j/detahnotej.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"ia904601.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178396/; classtype:trojan-activity;sid:84041496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178373)"; flow:established,from_client; content:"GET"; http_method; content:"/24/items/detah-note-v/detahnotev.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ia600100.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178373/; classtype:trojan-activity;sid:84041473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178347)"; flow:established,from_client; content:"GET"; http_method; content:"/2/items/new_image_20240905/new_image.jpg"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"ia601706.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178347/; classtype:trojan-activity;sid:84041447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3176961)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/amadeus.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_16; reference:url, urlhaus.abuse.ch/url/3176961/; classtype:trojan-activity;sid:84040061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3176887)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clip.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_16; reference:url, urlhaus.abuse.ch/url/3176887/; classtype:trojan-activity;sid:84039987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175721)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175721/; classtype:trojan-activity;sid:84038821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175712)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175712/; classtype:trojan-activity;sid:84038812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175659)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.46.176.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175659/; classtype:trojan-activity;sid:84038759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175566)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.46.176.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175566/; classtype:trojan-activity;sid:84038666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175462)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.46.176.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175462/; classtype:trojan-activity;sid:84038562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175448)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175448/; classtype:trojan-activity;sid:84038548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175437)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175437/; classtype:trojan-activity;sid:84038537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175431)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.46.176.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175431/; classtype:trojan-activity;sid:84038531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175403)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175403/; classtype:trojan-activity;sid:84038503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175393)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.46.176.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175393/; classtype:trojan-activity;sid:84038493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175280)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175280/; classtype:trojan-activity;sid:84038380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175149)"; flow:established,from_client; content:"GET"; http_method; content:"/load.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.138.81.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175149/; classtype:trojan-activity;sid:84038249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175134)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"122.51.183.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175134/; classtype:trojan-activity;sid:84038234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175124)"; flow:established,from_client; content:"GET"; http_method; content:"/build.config"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"8.138.81.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175124/; classtype:trojan-activity;sid:84038224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175127)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"8.138.81.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175127/; classtype:trojan-activity;sid:84038227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175111)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175111/; classtype:trojan-activity;sid:84038211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175104)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175104/; classtype:trojan-activity;sid:84038204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175105)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175105/; classtype:trojan-activity;sid:84038205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175106/; classtype:trojan-activity;sid:84038206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175107)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175107/; classtype:trojan-activity;sid:84038207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175108/; classtype:trojan-activity;sid:84038208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175048)"; flow:established,from_client; content:"GET"; http_method; content:"/down/bibnza9851zj.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"121.40.100.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175048/; classtype:trojan-activity;sid:84038148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174975)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.41.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174975/; classtype:trojan-activity;sid:84038075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174974)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"14.103.48.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174974/; classtype:trojan-activity;sid:84038074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174957)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.178.231.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174957/; classtype:trojan-activity;sid:84038057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174964)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.134.251.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174964/; classtype:trojan-activity;sid:84038064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174943)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.236.75.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174943/; classtype:trojan-activity;sid:84038043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174936)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.106.216.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174936/; classtype:trojan-activity;sid:84038036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174586)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bitcoincore.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174586/; classtype:trojan-activity;sid:84037686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174584)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/8.11.9-windows.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174584/; classtype:trojan-activity;sid:84037684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174582)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/s%d0%b5tup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174582/; classtype:trojan-activity;sid:84037682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174581)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/broadcom5.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174581/; classtype:trojan-activity;sid:84037681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174580)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyld64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174580/; classtype:trojan-activity;sid:84037680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174579)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/client_protected.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174579/; classtype:trojan-activity;sid:84037679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174578)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/freedom.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174578/; classtype:trojan-activity;sid:84037678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174576)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rms1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174576/; classtype:trojan-activity;sid:84037676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174574)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pichon.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174574/; classtype:trojan-activity;sid:84037674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174575)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gift-info.lmg.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174575/; classtype:trojan-activity;sid:84037675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174573)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cclent.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174573/; classtype:trojan-activity;sid:84037673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174572)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyl64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174572/; classtype:trojan-activity;sid:84037672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174570)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bandwidth_monitor.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174570/; classtype:trojan-activity;sid:84037670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174569)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/whiteheroin.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174569/; classtype:trojan-activity;sid:84037669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174568)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hvnc1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174568/; classtype:trojan-activity;sid:84037668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174566)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ghost_0x000263826b9a9b91.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174566/; classtype:trojan-activity;sid:84037666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174567)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/morphic.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174567/; classtype:trojan-activity;sid:84037667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174564)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cnyvvl.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174564/; classtype:trojan-activity;sid:84037664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174565)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xclient_protected.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174565/; classtype:trojan-activity;sid:84037665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174560)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/resex.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174560/; classtype:trojan-activity;sid:84037660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174561)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5knchalah.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174561/; classtype:trojan-activity;sid:84037661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174556)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5_6253708004881862888.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174556/; classtype:trojan-activity;sid:84037656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174523)"; flow:established,from_client; content:"GET"; http_method; content:"/scribblercoder/browserthief/main/browserthief.ps1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174523/; classtype:trojan-activity;sid:84037623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174501)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/splwow64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174501/; classtype:trojan-activity;sid:84037601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174496)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bundle.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174496/; classtype:trojan-activity;sid:84037596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174498)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/penis.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174498/; classtype:trojan-activity;sid:84037598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174493)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vlst.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174493/; classtype:trojan-activity;sid:84037593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174406)"; flow:established,from_client; content:"GET"; http_method; content:"/winring0x64.sys"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.173.254.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174406/; classtype:trojan-activity;sid:84037506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174364)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tecunonline.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174364/; classtype:trojan-activity;sid:84037464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174340)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.tecunonline.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174340/; classtype:trojan-activity;sid:84037440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174318)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174318/; classtype:trojan-activity;sid:84037418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174319)"; flow:established,from_client; content:"GET"; http_method; content:"/tsh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174319/; classtype:trojan-activity;sid:84037419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174320)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174320/; classtype:trojan-activity;sid:84037420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174283)"; flow:established,from_client; content:"GET"; http_method; content:"/build.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.130.45.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174283/; classtype:trojan-activity;sid:84037383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174267)"; flow:established,from_client; content:"GET"; http_method; content:"/me.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.106.176.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174267/; classtype:trojan-activity;sid:84037367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174264)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174264/; classtype:trojan-activity;sid:84037364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174027)"; flow:established,from_client; content:"GET"; http_method; content:"/dns1.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.35.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174027/; classtype:trojan-activity;sid:84037127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174024)"; flow:established,from_client; content:"GET"; http_method; content:"/vpn.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.35.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174024/; classtype:trojan-activity;sid:84037124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174025)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.35.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174025/; classtype:trojan-activity;sid:84037125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3173868)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3173868/; classtype:trojan-activity;sid:84036968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3173704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.241.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3173704/; classtype:trojan-activity;sid:84036804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172305)"; flow:established,from_client; content:"GET"; http_method; content:"/logon.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.160.158.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172305/; classtype:trojan-activity;sid:84035405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172303)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.73.160.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172303/; classtype:trojan-activity;sid:84035403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172298)"; flow:established,from_client; content:"GET"; http_method; content:"/install_lodop32.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.59.103.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172298/; classtype:trojan-activity;sid:84035398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172294)"; flow:established,from_client; content:"GET"; http_method; content:"/od.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.189.5.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172294/; classtype:trojan-activity;sid:84035394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172270)"; flow:established,from_client; content:"GET"; http_method; content:"/server.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.149.92.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172270/; classtype:trojan-activity;sid:84035370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172268)"; flow:established,from_client; content:"GET"; http_method; content:"/taskmgr.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.173.254.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172268/; classtype:trojan-activity;sid:84035368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172258)"; flow:established,from_client; content:"GET"; http_method; content:"/ggg.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.202.113.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172258/; classtype:trojan-activity;sid:84035358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172259)"; flow:established,from_client; content:"GET"; http_method; content:"/op.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.202.113.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172259/; classtype:trojan-activity;sid:84035359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172251)"; flow:established,from_client; content:"GET"; http_method; content:"/si.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.202.113.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172251/; classtype:trojan-activity;sid:84035351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172252)"; flow:established,from_client; content:"GET"; http_method; content:"/j.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.202.113.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172252/; classtype:trojan-activity;sid:84035352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172253)"; flow:established,from_client; content:"GET"; http_method; content:"/hh.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.202.113.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172253/; classtype:trojan-activity;sid:84035353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172254)"; flow:established,from_client; content:"GET"; http_method; content:"/reverse.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.202.113.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172254/; classtype:trojan-activity;sid:84035354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172255)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.202.113.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172255/; classtype:trojan-activity;sid:84035355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172256)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.202.113.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172256/; classtype:trojan-activity;sid:84035356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172240)"; flow:established,from_client; content:"GET"; http_method; content:"/techsavvysenior/referralreactjs/archive/refs/heads/main.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172240/; classtype:trojan-activity;sid:84035340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172125)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172125/; classtype:trojan-activity;sid:84035225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172126)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172126/; classtype:trojan-activity;sid:84035226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172127)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172127/; classtype:trojan-activity;sid:84035227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172128)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172128/; classtype:trojan-activity;sid:84035228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172129)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172129/; classtype:trojan-activity;sid:84035229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172130)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172130/; classtype:trojan-activity;sid:84035230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172131)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172131/; classtype:trojan-activity;sid:84035231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3171183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.16.102.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3171183/; classtype:trojan-activity;sid:84034283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3170498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.0.194.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3170498/; classtype:trojan-activity;sid:84033598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3170446)"; flow:established,from_client; content:"GET"; http_method; content:"/scsi_esrr_1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"8.218.239.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3170446/; classtype:trojan-activity;sid:84033546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3170445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.60.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3170445/; classtype:trojan-activity;sid:84033545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3170362)"; flow:established,from_client; content:"GET"; http_method; content:"/386.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"112.33.27.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3170362/; classtype:trojan-activity;sid:84033462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169894)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3169894/; classtype:trojan-activity;sid:84032994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169895)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3169895/; classtype:trojan-activity;sid:84032995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169896)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3169896/; classtype:trojan-activity;sid:84032996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169897)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3169897/; classtype:trojan-activity;sid:84032997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169898)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3169898/; classtype:trojan-activity;sid:84032998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169899)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3169899/; classtype:trojan-activity;sid:84032999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169900)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3169900/; classtype:trojan-activity;sid:84033000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169089)"; flow:established,from_client; content:"GET"; http_method; content:"/ns1.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"121.40.85.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_12; reference:url, urlhaus.abuse.ch/url/3169089/; classtype:trojan-activity;sid:84032189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169080)"; flow:established,from_client; content:"GET"; http_method; content:"/tenants/135790374f46b0107c516a5f5e13069b/5e5f800fdf87209fdf8f9b61441e53a1/linux/x64/stable/install.sh"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"download.cudo.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_09_12; reference:url, urlhaus.abuse.ch/url/3169080/; classtype:trojan-activity;sid:84032180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3168122)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_12; reference:url, urlhaus.abuse.ch/url/3168122/; classtype:trojan-activity;sid:84031222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3167915)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.157.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_12; reference:url, urlhaus.abuse.ch/url/3167915/; classtype:trojan-activity;sid:84031015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3167008)"; flow:established,from_client; content:"GET"; http_method; content:"/233_uywnfzbryrv"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mbsngradnja.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_11; reference:url, urlhaus.abuse.ch/url/3167008/; classtype:trojan-activity;sid:84030108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3167009)"; flow:established,from_client; content:"GET"; http_method; content:"/233_uywnfzbryrv"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mbsngradnja.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_11; reference:url, urlhaus.abuse.ch/url/3167009/; classtype:trojan-activity;sid:84030109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165913)"; flow:established,from_client; content:"GET"; http_method; content:"/down/2b4pi1hcjx7p.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"121.40.100.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165913/; classtype:trojan-activity;sid:84029013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165793)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165793/; classtype:trojan-activity;sid:84028893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165794)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165794/; classtype:trojan-activity;sid:84028894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165791)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165791/; classtype:trojan-activity;sid:84028891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165792)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165792/; classtype:trojan-activity;sid:84028892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165777)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165777/; classtype:trojan-activity;sid:84028877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165778)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165778/; classtype:trojan-activity;sid:84028878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165779)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165779/; classtype:trojan-activity;sid:84028879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165780)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.sparc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165780/; classtype:trojan-activity;sid:84028880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165781)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.powerpc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165781/; classtype:trojan-activity;sid:84028881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165782)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165782/; classtype:trojan-activity;sid:84028882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.mipsel"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165783/; classtype:trojan-activity;sid:84028883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165784)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165784/; classtype:trojan-activity;sid:84028884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165785)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165785/; classtype:trojan-activity;sid:84028885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165786)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165786/; classtype:trojan-activity;sid:84028886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165787)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165787/; classtype:trojan-activity;sid:84028887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165788)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165788/; classtype:trojan-activity;sid:84028888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165789)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165789/; classtype:trojan-activity;sid:84028889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165790)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165790/; classtype:trojan-activity;sid:84028890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165775)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.powerpc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165775/; classtype:trojan-activity;sid:84028875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165776)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165776/; classtype:trojan-activity;sid:84028876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3164933)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.23.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3164933/; classtype:trojan-activity;sid:84028033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3164816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3164816/; classtype:trojan-activity;sid:84027916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3163568)"; flow:established,from_client; content:"GET"; http_method; content:"/avoslocker.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_09; reference:url, urlhaus.abuse.ch/url/3163568/; classtype:trojan-activity;sid:84026668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3163237)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avastop.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_09; reference:url, urlhaus.abuse.ch/url/3163237/; classtype:trojan-activity;sid:84026337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3163126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.16.102.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_08; reference:url, urlhaus.abuse.ch/url/3163126/; classtype:trojan-activity;sid:84026226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3161411)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/aaaaa-dc2a3.appspot.com/o/ezife.txt|3f|alt=media|7c|26|7c|token=76efce27-fa0e-4742-86ec-47a2efb14fbd"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_09_07; reference:url, urlhaus.abuse.ch/url/3161411/; classtype:trojan-activity;sid:84024511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3159450)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"onemk3.teracomm.mk"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_09_06; reference:url, urlhaus.abuse.ch/url/3159450/; classtype:trojan-activity;sid:84022550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3158404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.230.28.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3158404/; classtype:trojan-activity;sid:84021504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3158390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.230.28.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3158390/; classtype:trojan-activity;sid:84021490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157666)"; flow:established,from_client; content:"GET"; http_method; content:"/ns3.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"121.40.85.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157666/; classtype:trojan-activity;sid:84020766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157551)"; flow:established,from_client; content:"GET"; http_method; content:"/superdev-1018/casino_game/archive/refs/heads/main.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157551/; classtype:trojan-activity;sid:84020651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157432)"; flow:established,from_client; content:"GET"; http_method; content:"/journal.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157432/; classtype:trojan-activity;sid:84020532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157433)"; flow:established,from_client; content:"GET"; http_method; content:"/prototype.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157433/; classtype:trojan-activity;sid:84020533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157428)"; flow:established,from_client; content:"GET"; http_method; content:"/accounts.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157428/; classtype:trojan-activity;sid:84020528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157429)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterloc.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157429/; classtype:trojan-activity;sid:84020529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157430)"; flow:established,from_client; content:"GET"; http_method; content:"/accounts.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157430/; classtype:trojan-activity;sid:84020530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157431)"; flow:established,from_client; content:"GET"; http_method; content:"/extension.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157431/; classtype:trojan-activity;sid:84020531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157426)"; flow:established,from_client; content:"GET"; http_method; content:"/meeting.sfx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157426/; classtype:trojan-activity;sid:84020526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157427)"; flow:established,from_client; content:"GET"; http_method; content:"/meeting.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157427/; classtype:trojan-activity;sid:84020527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156471)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.94.67.222"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156471/; classtype:trojan-activity;sid:84019571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156473)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.20.88.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156473/; classtype:trojan-activity;sid:84019573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156454)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"122.51.75.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156454/; classtype:trojan-activity;sid:84019554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156446)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.178.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156446/; classtype:trojan-activity;sid:84019546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156443)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.234.216.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156443/; classtype:trojan-activity;sid:84019543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156427)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.31.16.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156427/; classtype:trojan-activity;sid:84019527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156428)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.115.166.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156428/; classtype:trojan-activity;sid:84019528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156330)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/aaaaa-dc2a3.appspot.com/o/virusnnnnnmeu0409.txt|3f|alt=media|7c|26|7c|token=b21da726-7c55-43bb-a0da-7405252c43c6"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156330/; classtype:trojan-activity;sid:84019430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156256)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/6ixcgyundte9indcrjg0.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156256/; classtype:trojan-activity;sid:84019356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156257)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/omf035w09jhsw3qim7yy.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156257/; classtype:trojan-activity;sid:84019357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156258)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156258/; classtype:trojan-activity;sid:84019358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156259)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156259/; classtype:trojan-activity;sid:84019359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156260)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/obaqiquigeflou8dltcj.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156260/; classtype:trojan-activity;sid:84019360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156261)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/spkld0pht5zkdb7062ql.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156261/; classtype:trojan-activity;sid:84019361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156246)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/u9iczzb5fm5owwojnw5q.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156246/; classtype:trojan-activity;sid:84019346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156248)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/v"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156248/; classtype:trojan-activity;sid:84019348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156249)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/e96h9t9y6mvvm4pyti8p.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156249/; classtype:trojan-activity;sid:84019349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156250)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/tqjkts441txvedugsp7z.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156250/; classtype:trojan-activity;sid:84019350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156251)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156251/; classtype:trojan-activity;sid:84019351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156252)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/thxb4tu1jp1fqqfsqky1.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156252/; classtype:trojan-activity;sid:84019352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156253)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/srsjgq7vhhmecv535vvs.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156253/; classtype:trojan-activity;sid:84019353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156254)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/hn9om6j1c9ycqkei5xe2.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156254/; classtype:trojan-activity;sid:84019354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156255)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/t8eceab2kwpje4vdedzb.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156255/; classtype:trojan-activity;sid:84019355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156244)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/kyorihrhn8gphiz4be4p.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156244/; classtype:trojan-activity;sid:84019344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156245)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/xdz2maxjk6goovrsde3u.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156245/; classtype:trojan-activity;sid:84019345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156243)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/l8dnezoixbihmshsbj12.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156243/; classtype:trojan-activity;sid:84019343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156233)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156233/; classtype:trojan-activity;sid:84019333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156234)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/t8eceab2kwpje4vdedzb.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156234/; classtype:trojan-activity;sid:84019334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156235)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/6ixcgyundte9indcrjg0.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156235/; classtype:trojan-activity;sid:84019335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156236)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156236/; classtype:trojan-activity;sid:84019336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156237)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/srsjgq7vhhmecv535vvs.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156237/; classtype:trojan-activity;sid:84019337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156238)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/v"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156238/; classtype:trojan-activity;sid:84019338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156239)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/spkld0pht5zkdb7062ql.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156239/; classtype:trojan-activity;sid:84019339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156240)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/e96h9t9y6mvvm4pyti8p.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156240/; classtype:trojan-activity;sid:84019340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156241)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/l8dnezoixbihmshsbj12.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156241/; classtype:trojan-activity;sid:84019341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156242)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156242/; classtype:trojan-activity;sid:84019342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156232)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/omf035w09jhsw3qim7yy.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156232/; classtype:trojan-activity;sid:84019332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156226)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/hn9om6j1c9ycqkei5xe2.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156226/; classtype:trojan-activity;sid:84019326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156227)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/xdz2maxjk6goovrsde3u.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156227/; classtype:trojan-activity;sid:84019327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156228)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/kyorihrhn8gphiz4be4p.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156228/; classtype:trojan-activity;sid:84019328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156229)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/thxb4tu1jp1fqqfsqky1.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156229/; classtype:trojan-activity;sid:84019329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156230)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/tqjkts441txvedugsp7z.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156230/; classtype:trojan-activity;sid:84019330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156231)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/u9iczzb5fm5owwojnw5q.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156231/; classtype:trojan-activity;sid:84019331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156225)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/obaqiquigeflou8dltcj.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156225/; classtype:trojan-activity;sid:84019325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154718)"; flow:established,from_client; content:"GET"; http_method; content:"/hackirby/discord-injection/main/injection.js"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154718/; classtype:trojan-activity;sid:84017818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154392)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.elf"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.34.162.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154392/; classtype:trojan-activity;sid:84017492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154393)"; flow:established,from_client; content:"GET"; http_method; content:"/shell86.elf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"144.34.162.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154393/; classtype:trojan-activity;sid:84017493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154394)"; flow:established,from_client; content:"GET"; http_method; content:"/1_encoded.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"144.34.162.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154394/; classtype:trojan-activity;sid:84017494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154395)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"144.34.162.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154395/; classtype:trojan-activity;sid:84017495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153518)"; flow:established,from_client; content:"GET"; http_method; content:"/ew.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.122.129.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153518/; classtype:trojan-activity;sid:84016618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153519)"; flow:established,from_client; content:"GET"; http_method; content:"/ew.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.122.129.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153519/; classtype:trojan-activity;sid:84016619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153517)"; flow:established,from_client; content:"GET"; http_method; content:"/get"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"134.122.129.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153517/; classtype:trojan-activity;sid:84016617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153516)"; flow:established,from_client; content:"GET"; http_method; content:"/get"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"134.122.129.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153516/; classtype:trojan-activity;sid:84016616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153507)"; flow:established,from_client; content:"GET"; http_method; content:"/get"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"134.122.129.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153507/; classtype:trojan-activity;sid:84016607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153312)"; flow:established,from_client; content:"GET"; http_method; content:"/jndiexploit-0x727-1.3-snapshot.jar"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"8.219.134.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153312/; classtype:trojan-activity;sid:84016412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153310)"; flow:established,from_client; content:"GET"; http_method; content:"/fastjson.class"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.219.134.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153310/; classtype:trojan-activity;sid:84016410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153297)"; flow:established,from_client; content:"GET"; http_method; content:"/ew.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.122.129.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153297/; classtype:trojan-activity;sid:84016397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152780)"; flow:established,from_client; content:"GET"; http_method; content:"/arma3sync.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.254.96.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3152780/; classtype:trojan-activity;sid:84015880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152636)"; flow:established,from_client; content:"GET"; http_method; content:"/3836fd5700214436/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.202.233.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3152636/; classtype:trojan-activity;sid:84015736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152637)"; flow:established,from_client; content:"GET"; http_method; content:"/3836fd5700214436/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3152637/; classtype:trojan-activity;sid:84015737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152639)"; flow:established,from_client; content:"GET"; http_method; content:"/3836fd5700214436/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.202.233.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3152639/; classtype:trojan-activity;sid:84015739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152640)"; flow:established,from_client; content:"GET"; http_method; content:"/3836fd5700214436/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.202.233.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3152640/; classtype:trojan-activity;sid:84015740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152641)"; flow:established,from_client; content:"GET"; http_method; content:"/3836fd5700214436/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.202.233.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3152641/; classtype:trojan-activity;sid:84015741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152642)"; flow:established,from_client; content:"GET"; http_method; content:"/3836fd5700214436/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.202.233.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3152642/; classtype:trojan-activity;sid:84015742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152643)"; flow:established,from_client; content:"GET"; http_method; content:"/3836fd5700214436/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3152643/; classtype:trojan-activity;sid:84015743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152132)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"59.110.172.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3152132/; classtype:trojan-activity;sid:84015232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152070)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.97.57.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3152070/; classtype:trojan-activity;sid:84015170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3151920)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.178.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3151920/; classtype:trojan-activity;sid:84015020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138431)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138431/; classtype:trojan-activity;sid:84001531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138430)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138430/; classtype:trojan-activity;sid:84001530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138428)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138428/; classtype:trojan-activity;sid:84001528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138429)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138429/; classtype:trojan-activity;sid:84001529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138426)"; flow:established,from_client; content:"GET"; http_method; content:"/clean"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138426/; classtype:trojan-activity;sid:84001526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138268)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138268/; classtype:trojan-activity;sid:84001368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3137563)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_31; reference:url, urlhaus.abuse.ch/url/3137563/; classtype:trojan-activity;sid:84000663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3136739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.200.248.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_31; reference:url, urlhaus.abuse.ch/url/3136739/; classtype:trojan-activity;sid:83999839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3136217)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%94%be%e5%81%87%e5%80%bc%e7%8f%ad%e5%ae%89%e6%8e%92.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"8.134.12.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3136217/; classtype:trojan-activity;sid:83999317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3136215)"; flow:established,from_client; content:"GET"; http_method; content:"/3btt"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"8.134.12.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3136215/; classtype:trojan-activity;sid:83999315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3136216)"; flow:established,from_client; content:"GET"; http_method; content:"/k8mm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"8.134.12.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3136216/; classtype:trojan-activity;sid:83999316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3136214)"; flow:established,from_client; content:"GET"; http_method; content:"/feishu_update.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"8.134.12.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3136214/; classtype:trojan-activity;sid:83999314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135734)"; flow:established,from_client; content:"GET"; http_method; content:"/syn"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"167.234.240.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135734/; classtype:trojan-activity;sid:83998834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135730)"; flow:established,from_client; content:"GET"; http_method; content:"/miners/myxmrig.tgz"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"do-dear.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135730/; classtype:trojan-activity;sid:83998830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135722)"; flow:established,from_client; content:"GET"; http_method; content:"/sosinchik/asd/main/zoom.py"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135722/; classtype:trojan-activity;sid:83998822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135724)"; flow:established,from_client; content:"GET"; http_method; content:"/moneroocean/xmrig_setup/master/setup_moneroocean_miner.sh"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135724/; classtype:trojan-activity;sid:83998824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135725)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dsfuwqu/main/zombie"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135725/; classtype:trojan-activity;sid:83998825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135613)"; flow:established,from_client; content:"GET"; http_method; content:"/log/orgn.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"epanpano.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135613/; classtype:trojan-activity;sid:83998713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134371)"; flow:established,from_client; content:"GET"; http_method; content:"/qqhelper_1540.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"down.qqfarmer.com.cn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134371/; classtype:trojan-activity;sid:83997471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134368)"; flow:established,from_client; content:"GET"; http_method; content:"/login/1188%e7%83%88%e7%84%b0.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"cdn.ly.9377.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134368/; classtype:trojan-activity;sid:83997468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134016)"; flow:established,from_client; content:"GET"; http_method; content:"/06-wudao/%e8%88%9e%e8%b9%88%e5%8a%a9%e6%89%8b.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"up.maolaoban.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134016/; classtype:trojan-activity;sid:83997116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134001)"; flow:established,from_client; content:"GET"; http_method; content:"/143/bot/sj.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.haory.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134001/; classtype:trojan-activity;sid:83997101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3130985)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/adadada-fe29c.appspot.com/o/fc.txt|3f|alt=media|7c|26|7c|token=b9e122e9-326d-4e11-b005-be128c5b487e"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_27; reference:url, urlhaus.abuse.ch/url/3130985/; classtype:trojan-activity;sid:83994085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3130984)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/asas-495ee.appspot.com/o/55.jpg|3f|alt=media|7c|26|7c|token=83466f23-8119-4bc0-8589-76995553bdfa"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_27; reference:url, urlhaus.abuse.ch/url/3130984/; classtype:trojan-activity;sid:83994084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3130983)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/adadada-fe29c.appspot.com/o/ppaste.txt|3f|alt=media|7c|26|7c|token=2e3df61b-5f41-4e2b-9c0b-5664eded29e5"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_27; reference:url, urlhaus.abuse.ch/url/3130983/; classtype:trojan-activity;sid:83994083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3130738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.16.67.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_27; reference:url, urlhaus.abuse.ch/url/3130738/; classtype:trojan-activity;sid:83993838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3130459)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/aaaaa-dc2a3.appspot.com/o/aaaaaaaaabbbbbbbbbb.txt|3f|alt=media|7c|26|7c|token=b258ab10-99ab-4d37-8a91-7954022a451e"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_27; reference:url, urlhaus.abuse.ch/url/3130459/; classtype:trojan-activity;sid:83993559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129877)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/dll3js.appspot.com/o/dlljs2036.txt|3f|alt=media|7c|26|7c|token=f2f9ed1a-db47-4924-bb04-7b3e905bc597"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129877/; classtype:trojan-activity;sid:83992977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129654)"; flow:established,from_client; content:"GET"; http_method; content:"/nova_flow/patcher.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"144.172.71.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129654/; classtype:trojan-activity;sid:83992754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129592)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%8b%8d%e7%89%8c%e4%b8%93%e4%b8%9a%e7%89%88.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"ini.sh-pp.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129592/; classtype:trojan-activity;sid:83992692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129577)"; flow:established,from_client; content:"GET"; http_method; content:"/pages/update/css/self/[upg]css.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"cs.go.kg"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129577/; classtype:trojan-activity;sid:83992677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129512)"; flow:established,from_client; content:"GET"; http_method; content:"/gmbuild/v1.1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.qqqmy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129512/; classtype:trojan-activity;sid:83992612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129478)"; flow:established,from_client; content:"GET"; http_method; content:"/zoldownload/foobar2000_v1.6.7_beta_17@1704_129472.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"down10d.zol.com.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129478/; classtype:trojan-activity;sid:83992578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129422)"; flow:established,from_client; content:"GET"; http_method; content:"/tjqdq.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.249.193.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129422/; classtype:trojan-activity;sid:83992522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129421)"; flow:established,from_client; content:"GET"; http_method; content:"/test/restart1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.aqianniao.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129421/; classtype:trojan-activity;sid:83992521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129417)"; flow:established,from_client; content:"GET"; http_method; content:"/asmedises/pxray_cast_sort.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.medises.co.kr"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129417/; classtype:trojan-activity;sid:83992517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129223)"; flow:established,from_client; content:"GET"; http_method; content:"/enp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adf6.adf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129223/; classtype:trojan-activity;sid:83992323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129220)"; flow:established,from_client; content:"GET"; http_method; content:"/media/mod_junewsultra/js/bootstrap/js/bootstrap.min.js"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"temirtau-adm.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129220/; classtype:trojan-activity;sid:83992320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129177)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.197.69.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129177/; classtype:trojan-activity;sid:83992277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129176)"; flow:established,from_client; content:"GET"; http_method; content:"/crss.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.197.69.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129176/; classtype:trojan-activity;sid:83992276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129042)"; flow:established,from_client; content:"GET"; http_method; content:"/yuta1111x/selfbot/04ecdf46e8db9fce689d93905d759334b475c825/aquarius.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129042/; classtype:trojan-activity;sid:83992142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129003)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129003/; classtype:trojan-activity;sid:83992103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128969)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/k1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128969/; classtype:trojan-activity;sid:83992069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128962)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/a1.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128962/; classtype:trojan-activity;sid:83992062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128963)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/x2.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128963/; classtype:trojan-activity;sid:83992063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128964)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/ark.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128964/; classtype:trojan-activity;sid:83992064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128965)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rt.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128965/; classtype:trojan-activity;sid:83992065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127950)"; flow:established,from_client; content:"GET"; http_method; content:"/greetings/greetings1/wow.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127950/; classtype:trojan-activity;sid:83991050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127898)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyld611114.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127898/; classtype:trojan-activity;sid:83990998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127897)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identification-1.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127897/; classtype:trojan-activity;sid:83990997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127896)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/purlog.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127896/; classtype:trojan-activity;sid:83990996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127895)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/baddstore.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127895/; classtype:trojan-activity;sid:83990995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127894)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mswgoudnv.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127894/; classtype:trojan-activity;sid:83990994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127893)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ven_protected.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127893/; classtype:trojan-activity;sid:83990993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127892)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/surfex.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127892/; classtype:trojan-activity;sid:83990992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127891)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gagagggagagag.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127891/; classtype:trojan-activity;sid:83990991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127794)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build9.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127794/; classtype:trojan-activity;sid:83990894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127791)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/t3.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127791/; classtype:trojan-activity;sid:83990891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127789)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winn.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127789/; classtype:trojan-activity;sid:83990889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127787)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/explorer.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127787/; classtype:trojan-activity;sid:83990887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127788)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/new1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127788/; classtype:trojan-activity;sid:83990888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127602)"; flow:established,from_client; content:"GET"; http_method; content:"/data/omg.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"129.151.210.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127602/; classtype:trojan-activity;sid:83990702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127561)"; flow:established,from_client; content:"GET"; http_method; content:"/slv.gif"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127561/; classtype:trojan-activity;sid:83990661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3126010)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2021-3156.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"20.243.255.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3126010/; classtype:trojan-activity;sid:83989110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125901)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2021-3156.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"20.243.255.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125901/; classtype:trojan-activity;sid:83989001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125605)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/indentif.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125605/; classtype:trojan-activity;sid:83988705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125604)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/s%d0%b5tu%d1%80111.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125604/; classtype:trojan-activity;sid:83988704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125603)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxxx.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125603/; classtype:trojan-activity;sid:83988703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125602)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/windowsui.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125602/; classtype:trojan-activity;sid:83988702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125601)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac22222.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125601/; classtype:trojan-activity;sid:83988701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125598)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_default2.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125598/; classtype:trojan-activity;sid:83988698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3121905)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/caricatured.emz"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"jahez.me"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_22; reference:url, urlhaus.abuse.ch/url/3121905/; classtype:trojan-activity;sid:83985005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3121906)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/azdbzliddkt187.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"jahez.me"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_22; reference:url, urlhaus.abuse.ch/url/3121906/; classtype:trojan-activity;sid:83985006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3120967)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vn70wvxw.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3120967/; classtype:trojan-activity;sid:83984067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3120608)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted8888.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3120608/; classtype:trojan-activity;sid:83983708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3120498)"; flow:established,from_client; content:"GET"; http_method; content:"/f.php|3f|h=2v4ag0ze|7c|26|7c|d=1"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"soyjak.download"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3120498/; classtype:trojan-activity;sid:83983598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3120496)"; flow:established,from_client; content:"GET"; http_method; content:"/download/ru/downloader.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ldcdn.ldmnq.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3120496/; classtype:trojan-activity;sid:83983596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118765)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118765/; classtype:trojan-activity;sid:83981865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118418)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dtrade_v1.3.6.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118418/; classtype:trojan-activity;sid:83981518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118411)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_daval.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118411/; classtype:trojan-activity;sid:83981511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117673)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/meta.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117673/; classtype:trojan-activity;sid:83980773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117555)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identification.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117555/; classtype:trojan-activity;sid:83980655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117553)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/channel.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117553/; classtype:trojan-activity;sid:83980653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117554)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clcs.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117554/; classtype:trojan-activity;sid:83980654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117552)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117552/; classtype:trojan-activity;sid:83980652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117551)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/seo.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117551/; classtype:trojan-activity;sid:83980651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117550)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/coreplugin.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117550/; classtype:trojan-activity;sid:83980650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117549)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/diskutility.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117549/; classtype:trojan-activity;sid:83980649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3116194)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avastpx.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_19; reference:url, urlhaus.abuse.ch/url/3116194/; classtype:trojan-activity;sid:83979294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3115896)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/drchoe.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_19; reference:url, urlhaus.abuse.ch/url/3115896/; classtype:trojan-activity;sid:83978996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113834)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c103.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113834/; classtype:trojan-activity;sid:83976934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113833)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c040.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113833/; classtype:trojan-activity;sid:83976933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113832)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c091.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113832/; classtype:trojan-activity;sid:83976932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113831)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c156.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113831/; classtype:trojan-activity;sid:83976931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113830)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c057.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113830/; classtype:trojan-activity;sid:83976930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113829)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c073.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113829/; classtype:trojan-activity;sid:83976929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113828)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c012.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113828/; classtype:trojan-activity;sid:83976928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113827)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c152.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113827/; classtype:trojan-activity;sid:83976927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113826)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c055.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113826/; classtype:trojan-activity;sid:83976926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113824)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c011.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113824/; classtype:trojan-activity;sid:83976924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113825)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c065.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113825/; classtype:trojan-activity;sid:83976925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113822)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c019.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113822/; classtype:trojan-activity;sid:83976922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113821)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c016.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113821/; classtype:trojan-activity;sid:83976921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113820)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c005.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113820/; classtype:trojan-activity;sid:83976920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113819)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c001.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113819/; classtype:trojan-activity;sid:83976919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113818)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c026.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113818/; classtype:trojan-activity;sid:83976918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113817)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c002.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113817/; classtype:trojan-activity;sid:83976917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113816)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c053.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113816/; classtype:trojan-activity;sid:83976916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113815)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c150.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113815/; classtype:trojan-activity;sid:83976915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113814)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c093.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113814/; classtype:trojan-activity;sid:83976914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113813)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c088.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113813/; classtype:trojan-activity;sid:83976913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113811)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c050.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113811/; classtype:trojan-activity;sid:83976911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113812)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c058.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113812/; classtype:trojan-activity;sid:83976912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113810)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c012.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113810/; classtype:trojan-activity;sid:83976910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113809)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c079.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113809/; classtype:trojan-activity;sid:83976909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113808)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c162.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113808/; classtype:trojan-activity;sid:83976908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113807)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c010.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113807/; classtype:trojan-activity;sid:83976907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113806)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c153.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113806/; classtype:trojan-activity;sid:83976906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113805)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c063.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113805/; classtype:trojan-activity;sid:83976905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113804)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c009.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113804/; classtype:trojan-activity;sid:83976904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113803)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_au003.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113803/; classtype:trojan-activity;sid:83976903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113802)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c004.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113802/; classtype:trojan-activity;sid:83976902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113801)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c181.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113801/; classtype:trojan-activity;sid:83976901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113799)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c051.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113799/; classtype:trojan-activity;sid:83976899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113798)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c035.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113798/; classtype:trojan-activity;sid:83976898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113797)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c007.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113797/; classtype:trojan-activity;sid:83976897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113796)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c159.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113796/; classtype:trojan-activity;sid:83976896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113795)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c110.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113795/; classtype:trojan-activity;sid:83976895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113791)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c029.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113791/; classtype:trojan-activity;sid:83976891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113792)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c168.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113792/; classtype:trojan-activity;sid:83976892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113794)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c081.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113794/; classtype:trojan-activity;sid:83976894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113790)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c030.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113790/; classtype:trojan-activity;sid:83976890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113789)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c062.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113789/; classtype:trojan-activity;sid:83976889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113788)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_product.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113788/; classtype:trojan-activity;sid:83976888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113787)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c061.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113787/; classtype:trojan-activity;sid:83976887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113786)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c054.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113786/; classtype:trojan-activity;sid:83976886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113782)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c006.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113782/; classtype:trojan-activity;sid:83976882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113778)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c072.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113778/; classtype:trojan-activity;sid:83976878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113779)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c180.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113779/; classtype:trojan-activity;sid:83976879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113780)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c014.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113780/; classtype:trojan-activity;sid:83976880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113781)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c024.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113781/; classtype:trojan-activity;sid:83976881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113777)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c060.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113777/; classtype:trojan-activity;sid:83976877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113776)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c106.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113776/; classtype:trojan-activity;sid:83976876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113775)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c052.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113775/; classtype:trojan-activity;sid:83976875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113774)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c615.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113774/; classtype:trojan-activity;sid:83976874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113772)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c076.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113772/; classtype:trojan-activity;sid:83976872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113773)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c151.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113773/; classtype:trojan-activity;sid:83976873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113771)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c101.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113771/; classtype:trojan-activity;sid:83976871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113769)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c054.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113769/; classtype:trojan-activity;sid:83976869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113770)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c003.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113770/; classtype:trojan-activity;sid:83976870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113768)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c028.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113768/; classtype:trojan-activity;sid:83976868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113767)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c022.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113767/; classtype:trojan-activity;sid:83976867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113765)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c068.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113765/; classtype:trojan-activity;sid:83976865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113759)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c005.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113759/; classtype:trojan-activity;sid:83976859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113760)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113760/; classtype:trojan-activity;sid:83976860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113761)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c028.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113761/; classtype:trojan-activity;sid:83976861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113762)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c018.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113762/; classtype:trojan-activity;sid:83976862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113758)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c160.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113758/; classtype:trojan-activity;sid:83976858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113756)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c064.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113756/; classtype:trojan-activity;sid:83976856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113757)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c056.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113757/; classtype:trojan-activity;sid:83976857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113755)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c169.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113755/; classtype:trojan-activity;sid:83976855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113751)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c157.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113751/; classtype:trojan-activity;sid:83976851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113752)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c025.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113752/; classtype:trojan-activity;sid:83976852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113753)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c024.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113753/; classtype:trojan-activity;sid:83976853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113754)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c036.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113754/; classtype:trojan-activity;sid:83976854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113750)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c182.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113750/; classtype:trojan-activity;sid:83976850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113748)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c164.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113748/; classtype:trojan-activity;sid:83976848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113749)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c056.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113749/; classtype:trojan-activity;sid:83976849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113747)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c029.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113747/; classtype:trojan-activity;sid:83976847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113746)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c006.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113746/; classtype:trojan-activity;sid:83976846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113745)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c002.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113745/; classtype:trojan-activity;sid:83976845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113744)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c080.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113744/; classtype:trojan-activity;sid:83976844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113742)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c083.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113742/; classtype:trojan-activity;sid:83976842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113743)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c089.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113743/; classtype:trojan-activity;sid:83976843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113734)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c007.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113734/; classtype:trojan-activity;sid:83976834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113731)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c023.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113731/; classtype:trojan-activity;sid:83976831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113732)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c067.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113732/; classtype:trojan-activity;sid:83976832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113733)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c025.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113733/; classtype:trojan-activity;sid:83976833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113730)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c163.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113730/; classtype:trojan-activity;sid:83976830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113728)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c108.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113728/; classtype:trojan-activity;sid:83976828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113729)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c154.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113729/; classtype:trojan-activity;sid:83976829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113727)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c021.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113727/; classtype:trojan-activity;sid:83976827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113726)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c013.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113726/; classtype:trojan-activity;sid:83976826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113724)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c038.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113724/; classtype:trojan-activity;sid:83976824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113725)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c050.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113725/; classtype:trojan-activity;sid:83976825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113723)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c023.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113723/; classtype:trojan-activity;sid:83976823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113720)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c092.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113720/; classtype:trojan-activity;sid:83976820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113721)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c033.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113721/; classtype:trojan-activity;sid:83976821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113722)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c015.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113722/; classtype:trojan-activity;sid:83976822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113719)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c018.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113719/; classtype:trojan-activity;sid:83976819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113717)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c003.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113717/; classtype:trojan-activity;sid:83976817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113716)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c051.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113716/; classtype:trojan-activity;sid:83976816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113715)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c00h.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113715/; classtype:trojan-activity;sid:83976815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113713)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c032.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113713/; classtype:trojan-activity;sid:83976813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113714)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c062.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113714/; classtype:trojan-activity;sid:83976814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113711)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c084.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113711/; classtype:trojan-activity;sid:83976811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113710)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c037.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113710/; classtype:trojan-activity;sid:83976810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113708)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c026.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113708/; classtype:trojan-activity;sid:83976808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113709)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c087.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113709/; classtype:trojan-activity;sid:83976809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113707)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c034.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113707/; classtype:trojan-activity;sid:83976807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113706)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c161.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113706/; classtype:trojan-activity;sid:83976806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113705)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c021.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113705/; classtype:trojan-activity;sid:83976805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113704)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c055.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113704/; classtype:trojan-activity;sid:83976804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113702)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c004.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113702/; classtype:trojan-activity;sid:83976802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113699)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c075.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113699/; classtype:trojan-activity;sid:83976799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113701)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c105.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113701/; classtype:trojan-activity;sid:83976801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113697)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c060.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113697/; classtype:trojan-activity;sid:83976797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113698)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c066.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113698/; classtype:trojan-activity;sid:83976798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113692)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c155.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113692/; classtype:trojan-activity;sid:83976792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113693)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c061.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113693/; classtype:trojan-activity;sid:83976793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113694)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c022.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113694/; classtype:trojan-activity;sid:83976794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113696)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c011.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113696/; classtype:trojan-activity;sid:83976796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113690)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c001.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113690/; classtype:trojan-activity;sid:83976790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113691)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c014.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113691/; classtype:trojan-activity;sid:83976791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113689)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c031.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113689/; classtype:trojan-activity;sid:83976789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113687)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c027.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113687/; classtype:trojan-activity;sid:83976787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113686)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c019.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113686/; classtype:trojan-activity;sid:83976786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113685)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c078.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113685/; classtype:trojan-activity;sid:83976785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113683)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c090.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113683/; classtype:trojan-activity;sid:83976783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113684)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c086.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113684/; classtype:trojan-activity;sid:83976784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113681)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c070.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113681/; classtype:trojan-activity;sid:83976781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113682)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c167.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113682/; classtype:trojan-activity;sid:83976782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113679)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c085.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113679/; classtype:trojan-activity;sid:83976779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113680)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c166.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113680/; classtype:trojan-activity;sid:83976780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113678)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c158.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113678/; classtype:trojan-activity;sid:83976778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113676)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c013.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113676/; classtype:trojan-activity;sid:83976776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113675)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c071.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113675/; classtype:trojan-activity;sid:83976775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113672)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c008.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113672/; classtype:trojan-activity;sid:83976772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113670)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c109.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113670/; classtype:trojan-activity;sid:83976770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113671)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_au002.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113671/; classtype:trojan-activity;sid:83976771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113669)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_t001.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113669/; classtype:trojan-activity;sid:83976769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113666)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c082.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113666/; classtype:trojan-activity;sid:83976766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113667)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c059.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113667/; classtype:trojan-activity;sid:83976767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113665)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c053.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113665/; classtype:trojan-activity;sid:83976765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113664)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c077.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113664/; classtype:trojan-activity;sid:83976764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113660)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c001_backup.rar"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113660/; classtype:trojan-activity;sid:83976760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113661)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c165.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113661/; classtype:trojan-activity;sid:83976761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113659)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c107.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113659/; classtype:trojan-activity;sid:83976759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112853)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/set-up.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112853/; classtype:trojan-activity;sid:83975953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112844)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/battlegermany.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112844/; classtype:trojan-activity;sid:83975944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112728)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3546345.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112728/; classtype:trojan-activity;sid:83975828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112688)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/channel1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112688/; classtype:trojan-activity;sid:83975788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112427)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.104.213.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112427/; classtype:trojan-activity;sid:83975527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112426)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.29.120.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112426/; classtype:trojan-activity;sid:83975526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112423)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.104.242.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112423/; classtype:trojan-activity;sid:83975523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112419)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112419/; classtype:trojan-activity;sid:83975519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112420)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112420/; classtype:trojan-activity;sid:83975520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112410)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.118.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112410/; classtype:trojan-activity;sid:83975510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112411)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.118.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112411/; classtype:trojan-activity;sid:83975511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112415)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.118.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112415/; classtype:trojan-activity;sid:83975515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112417)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.121.250.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112417/; classtype:trojan-activity;sid:83975517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112418)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.120.203.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112418/; classtype:trojan-activity;sid:83975518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3111151)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/contorax.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3111151/; classtype:trojan-activity;sid:83974251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110939)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/survox.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110939/; classtype:trojan-activity;sid:83974039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110871)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.106.77.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110871/; classtype:trojan-activity;sid:83973971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110860)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.141.166.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110860/; classtype:trojan-activity;sid:83973960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110861)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110861/; classtype:trojan-activity;sid:83973961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110852)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.108.142.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110852/; classtype:trojan-activity;sid:83973952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110856)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.40.196.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110856/; classtype:trojan-activity;sid:83973956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110857)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"112.74.95.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110857/; classtype:trojan-activity;sid:83973957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110838)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.230.25.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110838/; classtype:trojan-activity;sid:83973938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110834)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.113.107.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110834/; classtype:trojan-activity;sid:83973934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110832)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.134.163.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110832/; classtype:trojan-activity;sid:83973932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110810)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.24.90.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110810/; classtype:trojan-activity;sid:83973910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110813)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.35.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110813/; classtype:trojan-activity;sid:83973913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110794)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.130.32.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110794/; classtype:trojan-activity;sid:83973894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110771)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.14.69.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110771/; classtype:trojan-activity;sid:83973871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110773)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.134.12.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110773/; classtype:trojan-activity;sid:83973873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110764)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.60.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110764/; classtype:trojan-activity;sid:83973864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110758)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.40.63.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110758/; classtype:trojan-activity;sid:83973858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110636)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.36.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110636/; classtype:trojan-activity;sid:83973736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110626)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.14.213.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110626/; classtype:trojan-activity;sid:83973726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110579)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.15.224.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110579/; classtype:trojan-activity;sid:83973679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110554)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.60.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110554/; classtype:trojan-activity;sid:83973654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110534)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.154.14.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110534/; classtype:trojan-activity;sid:83973634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110510)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.224.213.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110510/; classtype:trojan-activity;sid:83973610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110511)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.55.250.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110511/; classtype:trojan-activity;sid:83973611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110487)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/runtime.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110487/; classtype:trojan-activity;sid:83973587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110485)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gsprout.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110485/; classtype:trojan-activity;sid:83973585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110484)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stub.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110484/; classtype:trojan-activity;sid:83973584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110482)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/file1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110482/; classtype:trojan-activity;sid:83973582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110483)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/js.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110483/; classtype:trojan-activity;sid:83973583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110402)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mobiletrans.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110402/; classtype:trojan-activity;sid:83973502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110401)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zzzz1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110401/; classtype:trojan-activity;sid:83973501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110395)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/armanivenntii_crypted_easy.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110395/; classtype:trojan-activity;sid:83973495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110396)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5_6190317556063017550.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110396/; classtype:trojan-activity;sid:83973496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110397)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pctoccurred.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110397/; classtype:trojan-activity;sid:83973497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110398)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/doc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110398/; classtype:trojan-activity;sid:83973498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110399)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110399/; classtype:trojan-activity;sid:83973499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110400)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rorukal.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110400/; classtype:trojan-activity;sid:83973500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110389)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/northsperm.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110389/; classtype:trojan-activity;sid:83973489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110390)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mepaxil.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110390/; classtype:trojan-activity;sid:83973490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110391)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ukodbcdcl.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110391/; classtype:trojan-activity;sid:83973491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110392)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/semiconductornot.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110392/; classtype:trojan-activity;sid:83973492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110393)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/scheduledllama.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110393/; classtype:trojan-activity;sid:83973493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110394)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/14082024.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110394/; classtype:trojan-activity;sid:83973494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110001)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/hogs.u32"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dnvk1.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110001/; classtype:trojan-activity;sid:83973101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109981)"; flow:established,from_client; content:"GET"; http_method; content:"/in/2041.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109981/; classtype:trojan-activity;sid:83973081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109982)"; flow:established,from_client; content:"GET"; http_method; content:"/in/204.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109982/; classtype:trojan-activity;sid:83973082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109980)"; flow:established,from_client; content:"GET"; http_method; content:"/in/d204.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109980/; classtype:trojan-activity;sid:83973080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.204.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109695/; classtype:trojan-activity;sid:83972795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109697)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109697/; classtype:trojan-activity;sid:83972797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109452)"; flow:established,from_client; content:"GET"; http_method; content:"/images/002/537/415/full/whatsapp-logo-3-1.png|3f|1584245765"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109452/; classtype:trojan-activity;sid:83972552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109453)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/140/933/full/capturar.jpg|3f|1616184212"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109453/; classtype:trojan-activity;sid:83972553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109449)"; flow:established,from_client; content:"GET"; http_method; content:"/images/001/967/434/thumb/button.png"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109449/; classtype:trojan-activity;sid:83972549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109439)"; flow:established,from_client; content:"GET"; http_method; content:"/images/001/752/720/original/granitex.jpg|3f|1543516565"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109439/; classtype:trojan-activity;sid:83972539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109425)"; flow:established,from_client; content:"GET"; http_method; content:"/images/001/881/106/original/youtube.png|3f|1549480063"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109425/; classtype:trojan-activity;sid:83972525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109428)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/620/770/original/f284.jpg|3f|1641668895"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109428/; classtype:trojan-activity;sid:83972528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.200.248.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109419/; classtype:trojan-activity;sid:83972519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109406)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/956/295/thumb/mplogo22.png|3f|1658783084"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109406/; classtype:trojan-activity;sid:83972506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109396)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/551/147/original/sky8.png|3f|1689864217"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109396/; classtype:trojan-activity;sid:83972496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109381)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/912/781/thumb/logomp.png|3f|1655966639"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109381/; classtype:trojan-activity;sid:83972481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109382)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/612/441/full/3.png|3f|1695085716"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109382/; classtype:trojan-activity;sid:83972482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109370)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/415/079/original/imagemtimfinal.png|3f|168039419"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109370/; classtype:trojan-activity;sid:83972470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109366)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/770/199/full/logo-meli-br_2x.png|3f|1647201315"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109366/; classtype:trojan-activity;sid:83972466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109348)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/191/985/thumb/logo_evolo.png|3f|1669730114"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109348/; classtype:trojan-activity;sid:83972448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109330)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/002/623/original/sky8.png|3f|1661860465"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109330/; classtype:trojan-activity;sid:83972430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109314)"; flow:established,from_client; content:"GET"; http_method; content:"/images/002/976/790/full/cef.png|3f|1606180852"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109314/; classtype:trojan-activity;sid:83972414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109309)"; flow:established,from_client; content:"GET"; http_method; content:"/images/001/031/327/full/qpppppppppp.png|3f|1502141344"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109309/; classtype:trojan-activity;sid:83972409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109303)"; flow:established,from_client; content:"GET"; http_method; content:"/images/001/980/628/full/logo_it_9as8d7f.png|3f|1553264394"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109303/; classtype:trojan-activity;sid:83972403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.204.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109308/; classtype:trojan-activity;sid:83972408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109299)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/972/981/full/manoel_santos.png|3f|1659978692"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109299/; classtype:trojan-activity;sid:83972399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109300)"; flow:established,from_client; content:"GET"; http_method; content:"/images/000/889/191/full/cntt_prem.jpg|3f|1492018078"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109300/; classtype:trojan-activity;sid:83972400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109297)"; flow:established,from_client; content:"GET"; http_method; content:"/images/002/953/380/full/14pontos14jogos.jpeg|3f|1604940236"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109297/; classtype:trojan-activity;sid:83972397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109291)"; flow:established,from_client; content:"GET"; http_method; content:"/images/002/857/684/full/arte_oficial.jpg|3f|1598893173"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109291/; classtype:trojan-activity;sid:83972391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109280)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/039/779/full/amendujt.png|3f|1664339064"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109280/; classtype:trojan-activity;sid:83972380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109270)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/759/645/original/0004.jpg|3f|1711126095"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109270/; classtype:trojan-activity;sid:83972370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109264)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/382/855/full/liveptsveasbrad.jpg|3f|1678339424"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109264/; classtype:trojan-activity;sid:83972364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.204.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109080/; classtype:trojan-activity;sid:83972180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109072)"; flow:established,from_client; content:"GET"; http_method; content:"/download/new_image/new_image.jpg"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109072/; classtype:trojan-activity;sid:83972172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108504)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/webcam.dll"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108504/; classtype:trojan-activity;sid:83971604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108505)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108505/; classtype:trojan-activity;sid:83971605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108506)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/rootkit.dll"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108506/; classtype:trojan-activity;sid:83971606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108507)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/unrootkit.dll"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108507/; classtype:trojan-activity;sid:83971607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108503)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108503/; classtype:trojan-activity;sid:83971603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108502)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/version.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108502/; classtype:trojan-activity;sid:83971602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108492)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/openark64.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108492/; classtype:trojan-activity;sid:83971592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108459)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/robotic.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108459/; classtype:trojan-activity;sid:83971559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.200.248.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108019/; classtype:trojan-activity;sid:83971119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106840)"; flow:established,from_client; content:"GET"; http_method; content:"/tool/extreme%20injector%20v3.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"124.220.235.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106840/; classtype:trojan-activity;sid:83969940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106837)"; flow:established,from_client; content:"GET"; http_method; content:"/qexswfv"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"8.219.57.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106837/; classtype:trojan-activity;sid:83969937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106560)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http:/154.216.19.139/bins/mirai.armv4l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106560/; classtype:trojan-activity;sid:83969660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106559)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http:/154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106559/; classtype:trojan-activity;sid:83969659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106558)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http:/154.216.19.139/bins/mirai.bin"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106558/; classtype:trojan-activity;sid:83969658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106556)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http:/154.216.19.139/bins/mirai.armv6l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106556/; classtype:trojan-activity;sid:83969656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106557)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http:/154.216.19.139/bins/mirai.arc"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106557/; classtype:trojan-activity;sid:83969657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106551)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http:/154.216.19.139/bins/mirai.x86_64"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106551/; classtype:trojan-activity;sid:83969651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106552)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http:/154.216.19.139/bins/mirai.armv7l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106552/; classtype:trojan-activity;sid:83969652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106553)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120945if_/http:/154.216.19.139/bins/mirai.armv5l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106553/; classtype:trojan-activity;sid:83969653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106554)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http:/154.216.19.139/bins/mirai.powerpc"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106554/; classtype:trojan-activity;sid:83969654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106555)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http:/154.216.19.139/bins/mirai.mipsel"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106555/; classtype:trojan-activity;sid:83969655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106396)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/msedge.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106396/; classtype:trojan-activity;sid:83969496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105147)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_move.bat"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105147/; classtype:trojan-activity;sid:83968247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105148)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_virus.bat"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105148/; classtype:trojan-activity;sid:83968248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105149)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/keylogger.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105149/; classtype:trojan-activity;sid:83968249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105150)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/networks_profile.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105150/; classtype:trojan-activity;sid:83968250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105145)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/backdoor.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105145/; classtype:trojan-activity;sid:83968245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105146)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_move.bat"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105146/; classtype:trojan-activity;sid:83968246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105144)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_virus.bat"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105144/; classtype:trojan-activity;sid:83968244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103617)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/out_test_sig.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103617/; classtype:trojan-activity;sid:83966717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103510)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.248.13.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103510/; classtype:trojan-activity;sid:83966610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103505)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"165.220.134.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103505/; classtype:trojan-activity;sid:83966605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103503)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.150.43.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103503/; classtype:trojan-activity;sid:83966603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103496)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.118.248.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103496/; classtype:trojan-activity;sid:83966596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103490)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.165.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103490/; classtype:trojan-activity;sid:83966590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103488)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103488/; classtype:trojan-activity;sid:83966588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103489)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103489/; classtype:trojan-activity;sid:83966589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103486)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.217.175.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103486/; classtype:trojan-activity;sid:83966586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103482)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.255.218.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103482/; classtype:trojan-activity;sid:83966582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103476)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103476/; classtype:trojan-activity;sid:83966576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103477)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.115.56.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103477/; classtype:trojan-activity;sid:83966577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103467)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103467/; classtype:trojan-activity;sid:83966567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103463)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.10.240.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103463/; classtype:trojan-activity;sid:83966563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103464)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.230.143.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103464/; classtype:trojan-activity;sid:83966564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103420)"; flow:established,from_client; content:"GET"; http_method; content:"/fms/photo.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103420/; classtype:trojan-activity;sid:83966520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103419)"; flow:established,from_client; content:"GET"; http_method; content:"/fms/video.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103419/; classtype:trojan-activity;sid:83966519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103416)"; flow:established,from_client; content:"GET"; http_method; content:"/docker-compose/video.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103416/; classtype:trojan-activity;sid:83966516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103417)"; flow:established,from_client; content:"GET"; http_method; content:"/docker-compose/photo.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103417/; classtype:trojan-activity;sid:83966517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103418)"; flow:established,from_client; content:"GET"; http_method; content:"/docker-compose/av.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103418/; classtype:trojan-activity;sid:83966518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103415)"; flow:established,from_client; content:"GET"; http_method; content:"/fms/av.scr"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103415/; classtype:trojan-activity;sid:83966515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103406)"; flow:established,from_client; content:"GET"; http_method; content:"/docker-compose/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103406/; classtype:trojan-activity;sid:83966506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103407)"; flow:established,from_client; content:"GET"; http_method; content:"/fms/av.lnk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103407/; classtype:trojan-activity;sid:83966507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103408)"; flow:established,from_client; content:"GET"; http_method; content:"/fms/video.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103408/; classtype:trojan-activity;sid:83966508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103409)"; flow:established,from_client; content:"GET"; http_method; content:"/2019/bkbvideos/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103409/; classtype:trojan-activity;sid:83966509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103410)"; flow:established,from_client; content:"GET"; http_method; content:"/fms/photo.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103410/; classtype:trojan-activity;sid:83966510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103411)"; flow:established,from_client; content:"GET"; http_method; content:"/docker-compose/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103411/; classtype:trojan-activity;sid:83966511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103412)"; flow:established,from_client; content:"GET"; http_method; content:"/docker-compose/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103412/; classtype:trojan-activity;sid:83966512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103413)"; flow:established,from_client; content:"GET"; http_method; content:"/2019/bkbvideos/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103413/; classtype:trojan-activity;sid:83966513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103414)"; flow:established,from_client; content:"GET"; http_method; content:"/2019/bkbvideos/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103414/; classtype:trojan-activity;sid:83966514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103396)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103396/; classtype:trojan-activity;sid:83966496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103394)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103394/; classtype:trojan-activity;sid:83966494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103395)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103395/; classtype:trojan-activity;sid:83966495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103368)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.92.101.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103368/; classtype:trojan-activity;sid:83966468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103351)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103351/; classtype:trojan-activity;sid:83966451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103339)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103339/; classtype:trojan-activity;sid:83966439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103340)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103340/; classtype:trojan-activity;sid:83966440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103197)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cookie250.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103197/; classtype:trojan-activity;sid:83966297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3102194)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/nano.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3102194/; classtype:trojan-activity;sid:83965294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3102108)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1111.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3102108/; classtype:trojan-activity;sid:83965208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101697)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identifications.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101697/; classtype:trojan-activity;sid:83964797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101696)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pimer_bbbcontents7.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101696/; classtype:trojan-activity;sid:83964796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101658)"; flow:established,from_client; content:"GET"; http_method; content:"/documents.elf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101658/; classtype:trojan-activity;sid:83964758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101655)"; flow:established,from_client; content:"GET"; http_method; content:"/documents.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101655/; classtype:trojan-activity;sid:83964755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101646)"; flow:established,from_client; content:"GET"; http_method; content:"/organiser.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101646/; classtype:trojan-activity;sid:83964746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101647)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz_trunk.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101647/; classtype:trojan-activity;sid:83964747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101638)"; flow:established,from_client; content:"GET"; http_method; content:"/extension.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101638/; classtype:trojan-activity;sid:83964738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101202)"; flow:established,from_client; content:"GET"; http_method; content:"/installkitnew90/setupnew3/raw/5b5d1a339e750dfcc24fd8a7805629dd300db45b/g2m.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101202/; classtype:trojan-activity;sid:83964302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101203)"; flow:established,from_client; content:"GET"; http_method; content:"/installkitnew90/setupnew3/raw/f6a9d2071e5b6947d79a7e0bba8e57326fcd76e9/aperturelab.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101203/; classtype:trojan-activity;sid:83964303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101191)"; flow:established,from_client; content:"GET"; http_method; content:"/installkitnew90/setup1055/raw/main/installerpack_20.1.23770_win64.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101191/; classtype:trojan-activity;sid:83964291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101087)"; flow:established,from_client; content:"GET"; http_method; content:"/installkitnew90/setupnew3/releases/download/setupnew/install.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101087/; classtype:trojan-activity;sid:83964187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100622)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/request.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3100622/; classtype:trojan-activity;sid:83963722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100103)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthclient.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100103/; classtype:trojan-activity;sid:83963203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100102)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100102/; classtype:trojan-activity;sid:83963202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100100)"; flow:established,from_client; content:"GET"; http_method; content:"/ggwsupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100100/; classtype:trojan-activity;sid:83963200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100042)"; flow:established,from_client; content:"GET"; http_method; content:"/joelgmsec/invoke-stealth/main/resources/betterxencrypt/betterxencrypt.ps1"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100042/; classtype:trojan-activity;sid:83963142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099961)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http:/154.216.19.139/bins/mirai.sh4"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099961/; classtype:trojan-activity;sid:83963061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099962)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http:/154.216.19.139/bins/mirai.i586"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099962/; classtype:trojan-activity;sid:83963062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099963)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http:/154.216.19.139/bins/mirai.sparc"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099963/; classtype:trojan-activity;sid:83963063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099965)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http:/154.216.19.139/bins/mirai.m68k"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099965/; classtype:trojan-activity;sid:83963065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099966)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http:/154.216.19.139/bins/mirai.mips"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099966/; classtype:trojan-activity;sid:83963066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099960)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http:/154.216.19.139/bins/mirai.i686"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099960/; classtype:trojan-activity;sid:83963060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099892)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099892/; classtype:trojan-activity;sid:83962992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099893)"; flow:established,from_client; content:"GET"; http_method; content:"/event.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099893/; classtype:trojan-activity;sid:83962993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099876)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099876/; classtype:trojan-activity;sid:83962976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099818)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/authenticator222.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099818/; classtype:trojan-activity;sid:83962918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099812)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/annesalt.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099812/; classtype:trojan-activity;sid:83962912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099813)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/considerablewinners.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099813/; classtype:trojan-activity;sid:83962913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099814)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/uhigdbf.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099814/; classtype:trojan-activity;sid:83962914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099815)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/redsystem.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099815/; classtype:trojan-activity;sid:83962915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099816)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/yoyf.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099816/; classtype:trojan-activity;sid:83962916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099810)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vhpcde.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099810/; classtype:trojan-activity;sid:83962910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099811)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cudo.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099811/; classtype:trojan-activity;sid:83962911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099808)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/300.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099808/; classtype:trojan-activity;sid:83962908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099809)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/343dsxs.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099809/; classtype:trojan-activity;sid:83962909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099807)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/amadey.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099807/; classtype:trojan-activity;sid:83962907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099776)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/team.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099776/; classtype:trojan-activity;sid:83962876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099772)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/consoleapp3.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099772/; classtype:trojan-activity;sid:83962872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099774)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/client.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099774/; classtype:trojan-activity;sid:83962874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099762)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/opdxdyeul.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099762/; classtype:trojan-activity;sid:83962862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099760)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/06082025.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099760/; classtype:trojan-activity;sid:83962860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3098125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.63.155.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3098125/; classtype:trojan-activity;sid:83961225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097654)"; flow:established,from_client; content:"GET"; http_method; content:"/r2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.180.196.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097654/; classtype:trojan-activity;sid:83960754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097476)"; flow:established,from_client; content:"GET"; http_method; content:"/js/test.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.sumiyuki.co.jp"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097476/; classtype:trojan-activity;sid:83960576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097429)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/operation6572.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097429/; classtype:trojan-activity;sid:83960529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097297)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/armadegon.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097297/; classtype:trojan-activity;sid:83960397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097244)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http://154.216.19.139/bins/mirai.bin"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097244/; classtype:trojan-activity;sid:83960344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097239)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http://154.216.19.139/bins/mirai.x86_64"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097239/; classtype:trojan-activity;sid:83960339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097240)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http://154.216.19.139/bins/mirai.armv6l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097240/; classtype:trojan-activity;sid:83960340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097241)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http://154.216.19.139/bins/mirai.i586"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097241/; classtype:trojan-activity;sid:83960341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097242)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http://154.216.19.139/bins/mirai.sparc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097242/; classtype:trojan-activity;sid:83960342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097243)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http://154.216.19.139/bins/mirai.i686"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097243/; classtype:trojan-activity;sid:83960343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097229)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http://154.216.19.139/bins/mirai.powerpc"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097229/; classtype:trojan-activity;sid:83960329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097230)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http://154.216.19.139/bins/mirai.m68k"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097230/; classtype:trojan-activity;sid:83960330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097231)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http://154.216.19.139/bins/mirai.armv7l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097231/; classtype:trojan-activity;sid:83960331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097232)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http://154.216.19.139/bins/mirai.arc"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097232/; classtype:trojan-activity;sid:83960332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097233)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http://154.216.19.139/bins/mirai.sh4"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097233/; classtype:trojan-activity;sid:83960333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097234)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http://154.216.19.139/bins/mirai.mipsel"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097234/; classtype:trojan-activity;sid:83960334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097235)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120945if_/http://154.216.19.139/bins/mirai.armv5l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097235/; classtype:trojan-activity;sid:83960335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097236)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http://154.216.19.139/bins/mirai.armv4l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097236/; classtype:trojan-activity;sid:83960336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097237)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http://154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097237/; classtype:trojan-activity;sid:83960337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097238)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http://154.216.19.139/bins/mirai.mips"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097238/; classtype:trojan-activity;sid:83960338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097110)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rage.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097110/; classtype:trojan-activity;sid:83960210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/1.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"inspirepk.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096571/; classtype:trojan-activity;sid:83959671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096545)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/30072024.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096545/; classtype:trojan-activity;sid:83959645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096542)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kitty.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096542/; classtype:trojan-activity;sid:83959642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096543)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_default.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096543/; classtype:trojan-activity;sid:83959643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096544)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gold.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096544/; classtype:trojan-activity;sid:83959644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096428)"; flow:established,from_client; content:"GET"; http_method; content:"/d/filecontains.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096428/; classtype:trojan-activity;sid:83959528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096417)"; flow:established,from_client; content:"GET"; http_method; content:"/d/filecontains.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096417/; classtype:trojan-activity;sid:83959517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096404)"; flow:established,from_client; content:"GET"; http_method; content:"/d/filecontains.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096404/; classtype:trojan-activity;sid:83959504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096385)"; flow:established,from_client; content:"GET"; http_method; content:"/d/filecontains.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096385/; classtype:trojan-activity;sid:83959485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095225)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/skylightets.chm"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095225/; classtype:trojan-activity;sid:83958325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095226)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/coffer.dsp"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095226/; classtype:trojan-activity;sid:83958326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095227)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/asynartete.csv"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095227/; classtype:trojan-activity;sid:83958327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095228)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/antibureaukratiske.thn"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095228/; classtype:trojan-activity;sid:83958328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095229)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/elendil.sea"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095229/; classtype:trojan-activity;sid:83958329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095230)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/maalmndene.aca"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095230/; classtype:trojan-activity;sid:83958330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095231)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/coffer.dsp"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095231/; classtype:trojan-activity;sid:83958331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095232)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/bravurariers.jpb"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095232/; classtype:trojan-activity;sid:83958332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095233)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/antibureaukratiske.thn"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095233/; classtype:trojan-activity;sid:83958333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095234)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/dividedness.prx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095234/; classtype:trojan-activity;sid:83958334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095235)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/asynartete.csv"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095235/; classtype:trojan-activity;sid:83958335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095236)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/dividedness.prx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095236/; classtype:trojan-activity;sid:83958336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095237)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/bravurariers.jpb"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095237/; classtype:trojan-activity;sid:83958337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095238)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/elendil.sea"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095238/; classtype:trojan-activity;sid:83958338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095216)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/maalmndene.aca"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095216/; classtype:trojan-activity;sid:83958316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095217)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/neobotany.ttf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095217/; classtype:trojan-activity;sid:83958317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095218)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/skylightets.chm"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095218/; classtype:trojan-activity;sid:83958318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095219)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/greensand.ocx"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095219/; classtype:trojan-activity;sid:83958319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095220)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/neobotany.ttf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095220/; classtype:trojan-activity;sid:83958320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095221)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/frysetjet.afm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095221/; classtype:trojan-activity;sid:83958321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095224)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/sabellarian.xtp"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095224/; classtype:trojan-activity;sid:83958324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095209)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/hyimyakzawecsybww56.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095209/; classtype:trojan-activity;sid:83958309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095210)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/xmay.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095210/; classtype:trojan-activity;sid:83958310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095211)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/xmay.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095211/; classtype:trojan-activity;sid:83958311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095212)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/hmay.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095212/; classtype:trojan-activity;sid:83958312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095213)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/hmay.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095213/; classtype:trojan-activity;sid:83958313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095200)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/tvldv58.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095200/; classtype:trojan-activity;sid:83958300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095201)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/hvilkes-receipt.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095201/; classtype:trojan-activity;sid:83958301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095202)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/tvldv58.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095202/; classtype:trojan-activity;sid:83958302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095203)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/hvilkes-receipt.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095203/; classtype:trojan-activity;sid:83958303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095204)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/amqoybipylocgmzvu24.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095204/; classtype:trojan-activity;sid:83958304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095205)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/hyimyakzawecsybww56.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095205/; classtype:trojan-activity;sid:83958305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095206)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/yjjosxrdwjdyinhy170.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095206/; classtype:trojan-activity;sid:83958306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095208)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/yjjosxrdwjdyinhy170.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095208/; classtype:trojan-activity;sid:83958308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095197)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/uuknofmycamfwiety113.bin"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095197/; classtype:trojan-activity;sid:83958297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095198)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/uuknofmycamfwiety113.bin"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095198/; classtype:trojan-activity;sid:83958298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095199)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/jdaac179.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095199/; classtype:trojan-activity;sid:83958299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095195)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/jdaac179.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095195/; classtype:trojan-activity;sid:83958295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095187)"; flow:established,from_client; content:"GET"; http_method; content:"/cs/smalmed.jpb"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095187/; classtype:trojan-activity;sid:83958287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095188)"; flow:established,from_client; content:"GET"; http_method; content:"/cs/smalmed.jpb"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095188/; classtype:trojan-activity;sid:83958288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095189)"; flow:established,from_client; content:"GET"; http_method; content:"/cs/rrknoglerne.asd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095189/; classtype:trojan-activity;sid:83958289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095186)"; flow:established,from_client; content:"GET"; http_method; content:"/cs/rrknoglerne.asd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095186/; classtype:trojan-activity;sid:83958286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095185)"; flow:established,from_client; content:"GET"; http_method; content:"/cs/ygxzbugu144.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.ranchoboscardin.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095185/; classtype:trojan-activity;sid:83958285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095184)"; flow:established,from_client; content:"GET"; http_method; content:"/cs/ygxzbugu144.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095184/; classtype:trojan-activity;sid:83958284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095177)"; flow:established,from_client; content:"GET"; http_method; content:"/blink"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"152.168.125.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095177/; classtype:trojan-activity;sid:83958277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3094781)"; flow:established,from_client; content:"GET"; http_method; content:"/logon.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.15.9.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3094781/; classtype:trojan-activity;sid:83957881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093388)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093388/; classtype:trojan-activity;sid:83956488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093383)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.236.19.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093383/; classtype:trojan-activity;sid:83956483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093191)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.243.175.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093191/; classtype:trojan-activity;sid:83956291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093153)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.36.117.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093153/; classtype:trojan-activity;sid:83956253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093129)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.137.140.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093129/; classtype:trojan-activity;sid:83956229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093133)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.5.43.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093133/; classtype:trojan-activity;sid:83956233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093125)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.55.250.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093125/; classtype:trojan-activity;sid:83956225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093077)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.2.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093077/; classtype:trojan-activity;sid:83956177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093012)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.200.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093012/; classtype:trojan-activity;sid:83956112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092998)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.113.179.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092998/; classtype:trojan-activity;sid:83956098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092963)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.54.199.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092963/; classtype:trojan-activity;sid:83956063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092930)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.60.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092930/; classtype:trojan-activity;sid:83956030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092916)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.100.196.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092916/; classtype:trojan-activity;sid:83956016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092888)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.92.95.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092888/; classtype:trojan-activity;sid:83955988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092877)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.175.101.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092877/; classtype:trojan-activity;sid:83955977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092881)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.16.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092881/; classtype:trojan-activity;sid:83955981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091753)"; flow:established,from_client; content:"GET"; http_method; content:"/oct/av.scr"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091753/; classtype:trojan-activity;sid:83954853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091745)"; flow:established,from_client; content:"GET"; http_method; content:"/oct/photo.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091745/; classtype:trojan-activity;sid:83954845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091743)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.175.24.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091743/; classtype:trojan-activity;sid:83954843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091738)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.175.24.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091738/; classtype:trojan-activity;sid:83954838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091729)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"41.230.16.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091729/; classtype:trojan-activity;sid:83954829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091730)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.175.24.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091730/; classtype:trojan-activity;sid:83954830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091732)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091732/; classtype:trojan-activity;sid:83954832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091734)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.230.16.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091734/; classtype:trojan-activity;sid:83954834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091735)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"41.230.16.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091735/; classtype:trojan-activity;sid:83954835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091725)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"41.230.16.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091725/; classtype:trojan-activity;sid:83954825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091727)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"41.230.16.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091727/; classtype:trojan-activity;sid:83954827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091723)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091723/; classtype:trojan-activity;sid:83954823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091709)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.230.16.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091709/; classtype:trojan-activity;sid:83954809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091696)"; flow:established,from_client; content:"GET"; http_method; content:"/oct/video.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091696/; classtype:trojan-activity;sid:83954796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091697)"; flow:established,from_client; content:"GET"; http_method; content:"/oct/photo.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091697/; classtype:trojan-activity;sid:83954797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091673)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091673/; classtype:trojan-activity;sid:83954773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091665)"; flow:established,from_client; content:"GET"; http_method; content:"/oct/av.lnk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091665/; classtype:trojan-activity;sid:83954765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091659)"; flow:established,from_client; content:"GET"; http_method; content:"/oct/video.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091659/; classtype:trojan-activity;sid:83954759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3090349)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_05; reference:url, urlhaus.abuse.ch/url/3090349/; classtype:trojan-activity;sid:83953449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089687)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clsid.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_05; reference:url, urlhaus.abuse.ch/url/3089687/; classtype:trojan-activity;sid:83952787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089612)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3544436.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_05; reference:url, urlhaus.abuse.ch/url/3089612/; classtype:trojan-activity;sid:83952712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089019)"; flow:established,from_client; content:"GET"; http_method; content:"/abc.xlsx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.42.55.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3089019/; classtype:trojan-activity;sid:83952119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089022)"; flow:established,from_client; content:"GET"; http_method; content:"/abc.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.42.55.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3089022/; classtype:trojan-activity;sid:83952122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089016)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.42.55.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3089016/; classtype:trojan-activity;sid:83952116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089017)"; flow:established,from_client; content:"GET"; http_method; content:"/game.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.42.55.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3089017/; classtype:trojan-activity;sid:83952117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089018)"; flow:established,from_client; content:"GET"; http_method; content:"/adrtest1.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.42.55.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3089018/; classtype:trojan-activity;sid:83952118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088913)"; flow:established,from_client; content:"GET"; http_method; content:"/%5bwww.ghxi.com%5d%e7%93%9c%e5%ad%90%e5%bd%b1%e8%a7%86v2_v1.9.1.1.apk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"47.109.77.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088913/; classtype:trojan-activity;sid:83952013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088911)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%88%91%e7%9a%84%e7%94%b5%e8%a7%86tv-v2.1.8-%e5%85%8d%e8%b4%b9%e7%ba%af%e5%87%80%e7%89%88.apk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"47.109.77.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088911/; classtype:trojan-activity;sid:83952011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088875)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"140.238.85.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088875/; classtype:trojan-activity;sid:83951975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088858)"; flow:established,from_client; content:"GET"; http_method; content:"/1722087714.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.116.192.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088858/; classtype:trojan-activity;sid:83951958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088857)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.116.192.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088857/; classtype:trojan-activity;sid:83951957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088362)"; flow:established,from_client; content:"GET"; http_method; content:"/utility.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088362/; classtype:trojan-activity;sid:83951462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088306)"; flow:established,from_client; content:"GET"; http_method; content:"/dtl.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.251.102.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088306/; classtype:trojan-activity;sid:83951406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088292)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088292/; classtype:trojan-activity;sid:83951392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3087715)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cbmefxrmnv.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3087715/; classtype:trojan-activity;sid:83950815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3087662)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/systems.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3087662/; classtype:trojan-activity;sid:83950762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3087649)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3087649/; classtype:trojan-activity;sid:83950749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086915)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/rssh"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"park.chuitian.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086915/; classtype:trojan-activity;sid:83950015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086914)"; flow:established,from_client; content:"GET"; http_method; content:"/fucksupershell"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rd.chuitian.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086914/; classtype:trojan-activity;sid:83950014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086911)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/n"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"ciscocdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086911/; classtype:trojan-activity;sid:83950011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086908)"; flow:established,from_client; content:"GET"; http_method; content:"/rssh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rd.chuitian.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086908/; classtype:trojan-activity;sid:83950008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086907)"; flow:established,from_client; content:"GET"; http_method; content:"/rssh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"park.chuitian.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086907/; classtype:trojan-activity;sid:83950007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086906)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/rssh"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"rd.chuitian.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086906/; classtype:trojan-activity;sid:83950006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086899)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/x64"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"ciscocdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086899/; classtype:trojan-activity;sid:83949999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086854)"; flow:established,from_client; content:"GET"; http_method; content:"/d2/cdclient.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"dld.jxwan.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086854/; classtype:trojan-activity;sid:83949954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086853)"; flow:established,from_client; content:"GET"; http_method; content:"/d2/x64.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dld.jxwan.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086853/; classtype:trojan-activity;sid:83949953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086850)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1//three-daisies.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086850/; classtype:trojan-activity;sid:83949950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086851)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1//yellow-rose.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086851/; classtype:trojan-activity;sid:83949951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086849)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1//smell-the-roses.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086849/; classtype:trojan-activity;sid:83949949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086848)"; flow:established,from_client; content:"GET"; http_method; content:"/down/tb/tb.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086848/; classtype:trojan-activity;sid:83949948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086847)"; flow:established,from_client; content:"GET"; http_method; content:"/down/jf/jf.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086847/; classtype:trojan-activity;sid:83949947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086846)"; flow:established,from_client; content:"GET"; http_method; content:"/greetings//greetings1/wow.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086846/; classtype:trojan-activity;sid:83949946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086844)"; flow:established,from_client; content:"GET"; http_method; content:"/greetings//greetings1/whats-new.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086844/; classtype:trojan-activity;sid:83949944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086843)"; flow:established,from_client; content:"GET"; http_method; content:"/greetings//greetings1/hiya.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086843/; classtype:trojan-activity;sid:83949943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086829)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//jet.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086829/; classtype:trojan-activity;sid:83949929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086830)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//sunset1.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086830/; classtype:trojan-activity;sid:83949930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086831)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1/china.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086831/; classtype:trojan-activity;sid:83949931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086832)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//foggy-mountains.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086832/; classtype:trojan-activity;sid:83949932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086833)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//mountain-pasture.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086833/; classtype:trojan-activity;sid:83949933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086828)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//china.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086828/; classtype:trojan-activity;sid:83949928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086742)"; flow:established,from_client; content:"GET"; http_method; content:"/ps.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"35.185.187.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086742/; classtype:trojan-activity;sid:83949842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086743)"; flow:established,from_client; content:"GET"; http_method; content:"/ss.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"35.185.187.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086743/; classtype:trojan-activity;sid:83949843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086740)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrok.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"35.185.187.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086740/; classtype:trojan-activity;sid:83949840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086739)"; flow:established,from_client; content:"GET"; http_method; content:"/conhost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"35.185.187.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086739/; classtype:trojan-activity;sid:83949839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086738)"; flow:established,from_client; content:"GET"; http_method; content:"/1.bat"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"35.185.187.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086738/; classtype:trojan-activity;sid:83949838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086419)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%e6%a4%8d%e7%89%a9%e5%a4%a7%e6%88%98%e5%83%b5%e5%b0%b82%e4%bf%ae%e6%94%b9%e5%99%a8.exe"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086419/; classtype:trojan-activity;sid:83949519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086416)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/x64"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"43.134.118.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086416/; classtype:trojan-activity;sid:83949516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086415)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%e6%88%91%e7%9a%84%e4%b8%96%e7%95%8c_%e5%ad%a4%e5%b2%9b%e6%83%8a%e9%ad%823.exe"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086415/; classtype:trojan-activity;sid:83949515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086407)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/2.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086407/; classtype:trojan-activity;sid:83949507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086408)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%e5%b0%8f%e9%b8%a1%e5%85%a5%e4%be%b5%e8%80%853.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086408/; classtype:trojan-activity;sid:83949508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086404)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%d1%83%d1%81%d0%b5%d1%80%d0%bb%d0%be%d0%bd%d0%b32.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086404/; classtype:trojan-activity;sid:83949504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086405)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%e7%8b%99%e5%87%bb%e6%89%8b_%e5%b9%bd%e7%81%b5%e6%88%98%e5%a3%ab2%e7%ae%80%e4%bd%93%e4%b8%ad%e6%96%87%e7%89%88.exe"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086405/; classtype:trojan-activity;sid:83949505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086402)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%5bwin"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"117.72.74.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086402/; classtype:trojan-activity;sid:83949502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086403)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/3=====.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086403/; classtype:trojan-activity;sid:83949503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086395)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/3.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086395/; classtype:trojan-activity;sid:83949495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086388)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/n"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"43.134.118.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086388/; classtype:trojan-activity;sid:83949488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086390)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%5bwin"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086390/; classtype:trojan-activity;sid:83949490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3084981)"; flow:established,from_client; content:"GET"; http_method; content:"/chisel.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"4.180.120.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3084981/; classtype:trojan-activity;sid:83948081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3084922)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/enginechromium.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"proanuncios.mx"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3084922/; classtype:trojan-activity;sid:83948022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3084371)"; flow:established,from_client; content:"GET"; http_method; content:"/update.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"114.55.34.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3084371/; classtype:trojan-activity;sid:83947471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083844)"; flow:established,from_client; content:"GET"; http_method; content:"/store_app/guardservice.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sgz-1302338321.cos.ap-guangzhou.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083844/; classtype:trojan-activity;sid:83946944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083792)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/23c2343.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083792/; classtype:trojan-activity;sid:83946892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083790)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-24_23-16.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083790/; classtype:trojan-activity;sid:83946890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083248)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3083248/; classtype:trojan-activity;sid:83946348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083247)"; flow:established,from_client; content:"GET"; http_method; content:"/installer.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3083247/; classtype:trojan-activity;sid:83946347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081942)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jsawdtyjde.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3081942/; classtype:trojan-activity;sid:83945042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081941)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mynewrdx.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3081941/; classtype:trojan-activity;sid:83945041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081930)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4434.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3081930/; classtype:trojan-activity;sid:83945030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.16.67.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_31; reference:url, urlhaus.abuse.ch/url/3081519/; classtype:trojan-activity;sid:83944619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081274)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac2.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_31; reference:url, urlhaus.abuse.ch/url/3081274/; classtype:trojan-activity;sid:83944374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081269)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_31; reference:url, urlhaus.abuse.ch/url/3081269/; classtype:trojan-activity;sid:83944369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3080574)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.118.152.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_31; reference:url, urlhaus.abuse.ch/url/3080574/; classtype:trojan-activity;sid:83943674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079797)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.147.132.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079797/; classtype:trojan-activity;sid:83942897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079718)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.77.253.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079718/; classtype:trojan-activity;sid:83942818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079460)"; flow:established,from_client; content:"GET"; http_method; content:"/webdav"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079460/; classtype:trojan-activity;sid:83942560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079150)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079150/; classtype:trojan-activity;sid:83942250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.16.67.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079051/; classtype:trojan-activity;sid:83942151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3078753)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/postbox.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3078753/; classtype:trojan-activity;sid:83941853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3078669)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_valenciga.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3078669/; classtype:trojan-activity;sid:83941769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3077115)"; flow:established,from_client; content:"GET"; http_method; content:"/api/update2.pack"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_29; reference:url, urlhaus.abuse.ch/url/3077115/; classtype:trojan-activity;sid:83940215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3077112)"; flow:established,from_client; content:"GET"; http_method; content:"/api/update.pack"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_29; reference:url, urlhaus.abuse.ch/url/3077112/; classtype:trojan-activity;sid:83940212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3076639)"; flow:established,from_client; content:"GET"; http_method; content:"/event.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.111.174.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_29; reference:url, urlhaus.abuse.ch/url/3076639/; classtype:trojan-activity;sid:83939739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075283)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/authenticator.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075283/; classtype:trojan-activity;sid:83938383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075152)"; flow:established,from_client; content:"GET"; http_method; content:"/malware.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"dz0nhlj1q8ac3.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075152/; classtype:trojan-activity;sid:83938252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075047)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/anticheat.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075047/; classtype:trojan-activity;sid:83938147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075049)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-27_00-41.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075049/; classtype:trojan-activity;sid:83938149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3074802)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhostc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3074802/; classtype:trojan-activity;sid:83937902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3074142)"; flow:established,from_client; content:"GET"; http_method; content:"/chromedump.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"158.140.133.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3074142/; classtype:trojan-activity;sid:83937242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3073249)"; flow:established,from_client; content:"GET"; http_method; content:"/pages/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"51.77.140.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3073249/; classtype:trojan-activity;sid:83936349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072990)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072990/; classtype:trojan-activity;sid:83936090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072974)"; flow:established,from_client; content:"GET"; http_method; content:"/adrinnno/ptwis/raw/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072974/; classtype:trojan-activity;sid:83936074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072975)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/raw/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072975/; classtype:trojan-activity;sid:83936075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072977)"; flow:established,from_client; content:"GET"; http_method; content:"/mendoza1123/rgya/raw/main/transaction_error_details_file_981209_jpeg.rar"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072977/; classtype:trojan-activity;sid:83936077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072978)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/raw/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072978/; classtype:trojan-activity;sid:83936078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072979)"; flow:established,from_client; content:"GET"; http_method; content:"/mendoza1123/rgya/main/transaction_error_details_file_981209_jpeg.rar"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072979/; classtype:trojan-activity;sid:83936079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072969)"; flow:established,from_client; content:"GET"; http_method; content:"/deannwas/policah/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072969/; classtype:trojan-activity;sid:83936069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072970)"; flow:established,from_client; content:"GET"; http_method; content:"/trevsglass/morna/main/ref_ba0929399122_pdf.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072970/; classtype:trojan-activity;sid:83936070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072971)"; flow:established,from_client; content:"GET"; http_method; content:"/trevsglass/morna/raw/main/ref_ba0929399122_pdf.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072971/; classtype:trojan-activity;sid:83936071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072972)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072972/; classtype:trojan-activity;sid:83936072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072973)"; flow:established,from_client; content:"GET"; http_method; content:"/grayinv/henidus/raw/main/transaction_end_ids_58788719853478_pdf.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072973/; classtype:trojan-activity;sid:83936073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072521)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072521/; classtype:trojan-activity;sid:83935621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071940)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071940/; classtype:trojan-activity;sid:83935040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071939)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pharmaciesdetection.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071939/; classtype:trojan-activity;sid:83935039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071844)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/influencednervous.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071844/; classtype:trojan-activity;sid:83934944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071843)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/buildred.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071843/; classtype:trojan-activity;sid:83934943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069729)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069729/; classtype:trojan-activity;sid:83932829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069343)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069343/; classtype:trojan-activity;sid:83932443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069334)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069334/; classtype:trojan-activity;sid:83932434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069242)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069242/; classtype:trojan-activity;sid:83932342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069239)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069239/; classtype:trojan-activity;sid:83932339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069082)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069082/; classtype:trojan-activity;sid:83932182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068965)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068965/; classtype:trojan-activity;sid:83932065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068942)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068942/; classtype:trojan-activity;sid:83932042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068937)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068937/; classtype:trojan-activity;sid:83932037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068939)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068939/; classtype:trojan-activity;sid:83932039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068940)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068940/; classtype:trojan-activity;sid:83932040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068918)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068918/; classtype:trojan-activity;sid:83932018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068905)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068905/; classtype:trojan-activity;sid:83932005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068889)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068889/; classtype:trojan-activity;sid:83931989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068892)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068892/; classtype:trojan-activity;sid:83931992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068876)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068876/; classtype:trojan-activity;sid:83931976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068878)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068878/; classtype:trojan-activity;sid:83931978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068828)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068828/; classtype:trojan-activity;sid:83931928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068829)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068829/; classtype:trojan-activity;sid:83931929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068844)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068844/; classtype:trojan-activity;sid:83931944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068822)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068822/; classtype:trojan-activity;sid:83931922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068820)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068820/; classtype:trojan-activity;sid:83931920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068792)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068792/; classtype:trojan-activity;sid:83931892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068783)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068783/; classtype:trojan-activity;sid:83931883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068778)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068778/; classtype:trojan-activity;sid:83931878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068779)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068779/; classtype:trojan-activity;sid:83931879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068731)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068731/; classtype:trojan-activity;sid:83931831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068736)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068736/; classtype:trojan-activity;sid:83931836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068727)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068727/; classtype:trojan-activity;sid:83931827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068707)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068707/; classtype:trojan-activity;sid:83931807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068710)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068710/; classtype:trojan-activity;sid:83931810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068711)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068711/; classtype:trojan-activity;sid:83931811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068699)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068699/; classtype:trojan-activity;sid:83931799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068693)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068693/; classtype:trojan-activity;sid:83931793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068694)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068694/; classtype:trojan-activity;sid:83931794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068696)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068696/; classtype:trojan-activity;sid:83931796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068668)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068668/; classtype:trojan-activity;sid:83931768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068667)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068667/; classtype:trojan-activity;sid:83931767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068646)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068646/; classtype:trojan-activity;sid:83931746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068655)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068655/; classtype:trojan-activity;sid:83931755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068599)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068599/; classtype:trojan-activity;sid:83931699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068584)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068584/; classtype:trojan-activity;sid:83931684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068569)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068569/; classtype:trojan-activity;sid:83931669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068538)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068538/; classtype:trojan-activity;sid:83931638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068540)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068540/; classtype:trojan-activity;sid:83931640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068546)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068546/; classtype:trojan-activity;sid:83931646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068351)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dccrypt.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068351/; classtype:trojan-activity;sid:83931451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068352)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/decryptjohn.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068352/; classtype:trojan-activity;sid:83931452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068353)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/server.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068353/; classtype:trojan-activity;sid:83931453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068350)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-25_20-56.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068350/; classtype:trojan-activity;sid:83931450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067426)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067426/; classtype:trojan-activity;sid:83930526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067427)"; flow:established,from_client; content:"GET"; http_method; content:"/soka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067427/; classtype:trojan-activity;sid:83930527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067318)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067318/; classtype:trojan-activity;sid:83930418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067316)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gawdth.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067316/; classtype:trojan-activity;sid:83930416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067315)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4ck3rr.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067315/; classtype:trojan-activity;sid:83930415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067314)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pered.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067314/; classtype:trojan-activity;sid:83930414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067313)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/25072023.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067313/; classtype:trojan-activity;sid:83930413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067312)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhosts.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067312/; classtype:trojan-activity;sid:83930412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067310)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5447jsx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067310/; classtype:trojan-activity;sid:83930410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067309)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067309/; classtype:trojan-activity;sid:83930409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067307)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypteda.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067307/; classtype:trojan-activity;sid:83930407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067308)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067308/; classtype:trojan-activity;sid:83930408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063596)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/ld2207-88703.appspot.com/o/ldmx2207|3f|alt=media|7c|26|7c|token=ea4d3172-9ea9-4c03-96a7-2174419c6a1e"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063596/; classtype:trojan-activity;sid:83926696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063290)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.123.89.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063290/; classtype:trojan-activity;sid:83926390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.91.153.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063145/; classtype:trojan-activity;sid:83926245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059331)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059331/; classtype:trojan-activity;sid:83922431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059332)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059332/; classtype:trojan-activity;sid:83922432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059333)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059333/; classtype:trojan-activity;sid:83922433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059334)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059334/; classtype:trojan-activity;sid:83922434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059326)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059326/; classtype:trojan-activity;sid:83922426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059327)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059327/; classtype:trojan-activity;sid:83922427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059328)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059328/; classtype:trojan-activity;sid:83922428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059329)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059329/; classtype:trojan-activity;sid:83922429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059330)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059330/; classtype:trojan-activity;sid:83922430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059323)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059323/; classtype:trojan-activity;sid:83922423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059324)"; flow:established,from_client; content:"GET"; http_method; content:"/sensi.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059324/; classtype:trojan-activity;sid:83922424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058858)"; flow:established,from_client; content:"GET"; http_method; content:"/bp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"34.102.78.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058858/; classtype:trojan-activity;sid:83921958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058859)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"34.102.78.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058859/; classtype:trojan-activity;sid:83921959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058860)"; flow:established,from_client; content:"GET"; http_method; content:"/jp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"34.102.78.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058860/; classtype:trojan-activity;sid:83921960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058205)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058205/; classtype:trojan-activity;sid:83921305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058195)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058195/; classtype:trojan-activity;sid:83921295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058196)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058196/; classtype:trojan-activity;sid:83921296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058197)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058197/; classtype:trojan-activity;sid:83921297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058198)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.i486"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058198/; classtype:trojan-activity;sid:83921298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058199)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i586"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058199/; classtype:trojan-activity;sid:83921299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058200)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058200/; classtype:trojan-activity;sid:83921300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058201)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058201/; classtype:trojan-activity;sid:83921301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058202)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i486"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058202/; classtype:trojan-activity;sid:83921302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058194/; classtype:trojan-activity;sid:83921294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058187)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv4l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058187/; classtype:trojan-activity;sid:83921287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058188)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.armv6l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058188/; classtype:trojan-activity;sid:83921288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058189)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv6l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058189/; classtype:trojan-activity;sid:83921289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058190)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv7l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058190/; classtype:trojan-activity;sid:83921290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058191)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.armv7l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058191/; classtype:trojan-activity;sid:83921291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058192)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv5l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058192/; classtype:trojan-activity;sid:83921292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058193)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.armv4l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058193/; classtype:trojan-activity;sid:83921293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058186)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.armv5l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058186/; classtype:trojan-activity;sid:83921286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058173)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.mipsel"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058173/; classtype:trojan-activity;sid:83921273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058174)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058174/; classtype:trojan-activity;sid:83921274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058175)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058175/; classtype:trojan-activity;sid:83921275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058176)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.aarch64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058176/; classtype:trojan-activity;sid:83921276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058177)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058177/; classtype:trojan-activity;sid:83921277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058178)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.powerpc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058178/; classtype:trojan-activity;sid:83921278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058179)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058179/; classtype:trojan-activity;sid:83921279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058180)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.powerpc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058180/; classtype:trojan-activity;sid:83921280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058181)"; flow:established,from_client; content:"GET"; http_method; content:"/loadbot.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058181/; classtype:trojan-activity;sid:83921281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058182)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058182/; classtype:trojan-activity;sid:83921282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058183)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.sparc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058183/; classtype:trojan-activity;sid:83921283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058184)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058184/; classtype:trojan-activity;sid:83921284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.aarch64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058185/; classtype:trojan-activity;sid:83921285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052814)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"106.15.239.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052814/; classtype:trojan-activity;sid:83915914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052749)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=8e46c1968a0bd204%21125|7c|26|7c|authkey=!agfr46opw6byh2g"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052749/; classtype:trojan-activity;sid:83915849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052707/; classtype:trojan-activity;sid:83915807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052704)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052704/; classtype:trojan-activity;sid:83915804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052706)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.248.47.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052706/; classtype:trojan-activity;sid:83915806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052415/; classtype:trojan-activity;sid:83915515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052412/; classtype:trojan-activity;sid:83915512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimilib.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052413/; classtype:trojan-activity;sid:83915513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimidrv.sys"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052414/; classtype:trojan-activity;sid:83915514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052395/; classtype:trojan-activity;sid:83915495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052400/; classtype:trojan-activity;sid:83915500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052392/; classtype:trojan-activity;sid:83915492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052393/; classtype:trojan-activity;sid:83915493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052394/; classtype:trojan-activity;sid:83915494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050380)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"60.246.83.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050380/; classtype:trojan-activity;sid:83913480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045201)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045201/; classtype:trojan-activity;sid:83908301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045202)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045202/; classtype:trojan-activity;sid:83908302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045203)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045203/; classtype:trojan-activity;sid:83908303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045199)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045199/; classtype:trojan-activity;sid:83908299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045192)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045192/; classtype:trojan-activity;sid:83908292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045193)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045193/; classtype:trojan-activity;sid:83908293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045187)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045187/; classtype:trojan-activity;sid:83908287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045191)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045191/; classtype:trojan-activity;sid:83908291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045183)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045183/; classtype:trojan-activity;sid:83908283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045177)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045177/; classtype:trojan-activity;sid:83908277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045174)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045174/; classtype:trojan-activity;sid:83908274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045175)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045175/; classtype:trojan-activity;sid:83908275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045166)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045166/; classtype:trojan-activity;sid:83908266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045169)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045169/; classtype:trojan-activity;sid:83908269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045163)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045163/; classtype:trojan-activity;sid:83908263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045165)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045165/; classtype:trojan-activity;sid:83908265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045161)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045161/; classtype:trojan-activity;sid:83908261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045162)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045162/; classtype:trojan-activity;sid:83908262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045156)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045156/; classtype:trojan-activity;sid:83908256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045157)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045157/; classtype:trojan-activity;sid:83908257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045159)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045159/; classtype:trojan-activity;sid:83908259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045160)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045160/; classtype:trojan-activity;sid:83908260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045148)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045148/; classtype:trojan-activity;sid:83908248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045145)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045145/; classtype:trojan-activity;sid:83908245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045146)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045146/; classtype:trojan-activity;sid:83908246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968688)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader1.1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968688/; classtype:trojan-activity;sid:83831788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968679)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/12.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968679/; classtype:trojan-activity;sid:83831779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968678)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/22.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968678/; classtype:trojan-activity;sid:83831778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.63.155.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953229/; classtype:trojan-activity;sid:83816329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.63.155.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953173/; classtype:trojan-activity;sid:83816273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.63.155.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2952724/; classtype:trojan-activity;sid:83815824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952278)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/rz.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952278/; classtype:trojan-activity;sid:83815378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952271)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/ny1.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952271/; classtype:trojan-activity;sid:83815371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952272)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/async.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952272/; classtype:trojan-activity;sid:83815372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952273)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/wx1.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952273/; classtype:trojan-activity;sid:83815373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952274)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/rup.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952274/; classtype:trojan-activity;sid:83815374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952275)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rr2.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952275/; classtype:trojan-activity;sid:83815375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952276)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/r.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952276/; classtype:trojan-activity;sid:83815376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952277)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rmup.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952277/; classtype:trojan-activity;sid:83815377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952266)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/nj.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952266/; classtype:trojan-activity;sid:83815366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952267)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/nj.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952267/; classtype:trojan-activity;sid:83815367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952268)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nc.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952268/; classtype:trojan-activity;sid:83815368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952269)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/ny0.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952269/; classtype:trojan-activity;sid:83815369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952263)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/r1.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952263/; classtype:trojan-activity;sid:83815363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952264)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/nx.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952264/; classtype:trojan-activity;sid:83815364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952265)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/ps1.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952265/; classtype:trojan-activity;sid:83815365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952258)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/fesarog.txt"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952258/; classtype:trojan-activity;sid:83815358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952259)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/p.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952259/; classtype:trojan-activity;sid:83815359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952260)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/n3.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952260/; classtype:trojan-activity;sid:83815360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952261)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/n3.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952261/; classtype:trojan-activity;sid:83815361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952262)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/p.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952262/; classtype:trojan-activity;sid:83815362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952253)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/ps1.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952253/; classtype:trojan-activity;sid:83815353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952254)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/n1.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952254/; classtype:trojan-activity;sid:83815354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952255)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/qx.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952255/; classtype:trojan-activity;sid:83815355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952256)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/qxx.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952256/; classtype:trojan-activity;sid:83815356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952257)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/r.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952257/; classtype:trojan-activity;sid:83815357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952244)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rr2.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952244/; classtype:trojan-activity;sid:83815344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952245)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/dx.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952245/; classtype:trojan-activity;sid:83815345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952246)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/qx.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952246/; classtype:trojan-activity;sid:83815346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952247)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/async.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952247/; classtype:trojan-activity;sid:83815347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952248)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/dcr.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952248/; classtype:trojan-activity;sid:83815348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952249)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/ny1.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952249/; classtype:trojan-activity;sid:83815349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952250)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/fesarog.txt"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952250/; classtype:trojan-activity;sid:83815350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952251)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rm.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952251/; classtype:trojan-activity;sid:83815351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952238)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/qxx.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952238/; classtype:trojan-activity;sid:83815338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952239)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/nx.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952239/; classtype:trojan-activity;sid:83815339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952240)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/zx2.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952240/; classtype:trojan-activity;sid:83815340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952241)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/q2.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952241/; classtype:trojan-activity;sid:83815341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952242)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/r1.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952242/; classtype:trojan-activity;sid:83815342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952234)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/ny0.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952234/; classtype:trojan-activity;sid:83815334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952236)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/n1.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952236/; classtype:trojan-activity;sid:83815336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952237)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/q2.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952237/; classtype:trojan-activity;sid:83815337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952231)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rm.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952231/; classtype:trojan-activity;sid:83815331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952232)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rmup.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952232/; classtype:trojan-activity;sid:83815332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952233)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/pr.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952233/; classtype:trojan-activity;sid:83815333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952226)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/asx.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952226/; classtype:trojan-activity;sid:83815326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952227)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/dx.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952227/; classtype:trojan-activity;sid:83815327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952228)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/rup.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952228/; classtype:trojan-activity;sid:83815328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952229)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nc.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952229/; classtype:trojan-activity;sid:83815329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952230)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/rz.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952230/; classtype:trojan-activity;sid:83815330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952224)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/q7.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952224/; classtype:trojan-activity;sid:83815324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952225)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/asx.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952225/; classtype:trojan-activity;sid:83815325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952220)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/zqwer/pef3dir.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952220/; classtype:trojan-activity;sid:83815320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952221)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/q1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952221/; classtype:trojan-activity;sid:83815321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952222)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rmz.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952222/; classtype:trojan-activity;sid:83815322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952218)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/q7.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952218/; classtype:trojan-activity;sid:83815318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952219)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/t3.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952219/; classtype:trojan-activity;sid:83815319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952215)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/wx1.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952215/; classtype:trojan-activity;sid:83815315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952216)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/t3.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952216/; classtype:trojan-activity;sid:83815316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952217)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rmz.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952217/; classtype:trojan-activity;sid:83815317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952212)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/njz.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952212/; classtype:trojan-activity;sid:83815312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952213)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/q1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952213/; classtype:trojan-activity;sid:83815313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952214)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/dcr.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952214/; classtype:trojan-activity;sid:83815314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952211)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/pr.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952211/; classtype:trojan-activity;sid:83815311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952209)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/zqwer/dllxf3.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952209/; classtype:trojan-activity;sid:83815309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952204)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/zx2.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952204/; classtype:trojan-activity;sid:83815304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952205)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/njx.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952205/; classtype:trojan-activity;sid:83815305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952206)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/njz.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952206/; classtype:trojan-activity;sid:83815306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952208)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/njx.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952208/; classtype:trojan-activity;sid:83815308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951272)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951272/; classtype:trojan-activity;sid:83814372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951273)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951273/; classtype:trojan-activity;sid:83814373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951274)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951274/; classtype:trojan-activity;sid:83814374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951275)"; flow:established,from_client; content:"GET"; http_method; content:"/i6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951275/; classtype:trojan-activity;sid:83814375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951276)"; flow:established,from_client; content:"GET"; http_method; content:"/i5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951276/; classtype:trojan-activity;sid:83814376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951266)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951266/; classtype:trojan-activity;sid:83814366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951267)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951267/; classtype:trojan-activity;sid:83814367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951268)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951268/; classtype:trojan-activity;sid:83814368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951269)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951269/; classtype:trojan-activity;sid:83814369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951270)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951270/; classtype:trojan-activity;sid:83814370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951271)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951271/; classtype:trojan-activity;sid:83814371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951265)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951265/; classtype:trojan-activity;sid:83814365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951060)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951060/; classtype:trojan-activity;sid:83814160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2950283)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2950283/; classtype:trojan-activity;sid:83813383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2950266)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2950266/; classtype:trojan-activity;sid:83813366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2950105)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2950105/; classtype:trojan-activity;sid:83813205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949407)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999safagqwhg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949407/; classtype:trojan-activity;sid:83812507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949406)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949406/; classtype:trojan-activity;sid:83812506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949385)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rsqnkyvcaein5m-gskl8coyuh8w5xrbd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949385/; classtype:trojan-activity;sid:83812485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949176)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999asgasg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949176/; classtype:trojan-activity;sid:83812276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947794/; classtype:trojan-activity;sid:83810894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947795/; classtype:trojan-activity;sid:83810895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2946131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.91.153.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2946131/; classtype:trojan-activity;sid:83809231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2946132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.206.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2946132/; classtype:trojan-activity;sid:83809232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945569)"; flow:established,from_client; content:"GET"; http_method; content:"/22/items/new_image_20240628_1859/new_image.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ia903207.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945569/; classtype:trojan-activity;sid:83808669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944285)"; flow:established,from_client; content:"GET"; http_method; content:"/jijilovedada/jijilovedada/main/tools/cc/adaptorovernight.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944285/; classtype:trojan-activity;sid:83807385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943953)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/sss.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"39.103.150.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2943953/; classtype:trojan-activity;sid:83807053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943264)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.183.9.88"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2943264/; classtype:trojan-activity;sid:83806364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942730)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"117.50.184.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942730/; classtype:trojan-activity;sid:83805830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942727)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/1.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942727/; classtype:trojan-activity;sid:83805827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942725)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download//1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942725/; classtype:trojan-activity;sid:83805825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942717)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/1.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942717/; classtype:trojan-activity;sid:83805817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942718)"; flow:established,from_client; content:"GET"; http_method; content:"/fucksupershell"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.88.186.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942718/; classtype:trojan-activity;sid:83805818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942715)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/tool"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"101.35.228.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942715/; classtype:trojan-activity;sid:83805815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942714)"; flow:established,from_client; content:"GET"; http_method; content:"/rssh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"222.88.186.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942714/; classtype:trojan-activity;sid:83805814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942694)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/123.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942694/; classtype:trojan-activity;sid:83805794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942673)"; flow:established,from_client; content:"GET"; http_method; content:"//shell.elf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.96.128.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942673/; classtype:trojan-activity;sid:83805773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942671)"; flow:established,from_client; content:"GET"; http_method; content:"/gdb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.96.128.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942671/; classtype:trojan-activity;sid:83805771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942590)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/check.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"8.137.59.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942590/; classtype:trojan-activity;sid:83805690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942567)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942567/; classtype:trojan-activity;sid:83805667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942557)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/tool.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"101.35.228.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942557/; classtype:trojan-activity;sid:83805657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934823)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/000.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934823/; classtype:trojan-activity;sid:83797923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934824)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/trojan.malpack.themida%20(anti%20vm).exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934824/; classtype:trojan-activity;sid:83797924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934818)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/jigsaw.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934818/; classtype:trojan-activity;sid:83797918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934819)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/freeyoutubedownloader.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934819/; classtype:trojan-activity;sid:83797919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934820)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/memz.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934820/; classtype:trojan-activity;sid:83797920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934821)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/noescape.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934821/; classtype:trojan-activity;sid:83797921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934822)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/destover.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934822/; classtype:trojan-activity;sid:83797922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934816)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/meredrop.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934816/; classtype:trojan-activity;sid:83797916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934817)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/redlinestealer.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934817/; classtype:trojan-activity;sid:83797917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934811)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/hive%20ransomware.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934811/; classtype:trojan-activity;sid:83797911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934812)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/wannacry.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934812/; classtype:trojan-activity;sid:83797912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934813)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/nomoreransom.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934813/; classtype:trojan-activity;sid:83797913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934808)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/petya.a.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934808/; classtype:trojan-activity;sid:83797908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934809)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/cryptowall.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934809/; classtype:trojan-activity;sid:83797909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934810)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/infinitycrypt.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934810/; classtype:trojan-activity;sid:83797910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934805)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/coronavirus.exe"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934805/; classtype:trojan-activity;sid:83797905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932525)"; flow:established,from_client; content:"GET"; http_method; content:"/fotonview.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932525/; classtype:trojan-activity;sid:83795625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932524)"; flow:established,from_client; content:"GET"; http_method; content:"/evaluation.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932524/; classtype:trojan-activity;sid:83795624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932523)"; flow:established,from_client; content:"GET"; http_method; content:"/cameracomponent.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932523/; classtype:trojan-activity;sid:83795623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932522)"; flow:established,from_client; content:"GET"; http_method; content:"/kuwaitsetuphockey.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932522/; classtype:trojan-activity;sid:83795622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932521)"; flow:established,from_client; content:"GET"; http_method; content:"/officialsevaluationold.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932521/; classtype:trojan-activity;sid:83795621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932520)"; flow:established,from_client; content:"GET"; http_method; content:"/srbijasetuphokej.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932520/; classtype:trojan-activity;sid:83795620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932466)"; flow:established,from_client; content:"GET"; http_method; content:"/64.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.108.60.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932466/; classtype:trojan-activity;sid:83795566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932462)"; flow:established,from_client; content:"GET"; http_method; content:"/hooks.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hook.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932462/; classtype:trojan-activity;sid:83795562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932461)"; flow:established,from_client; content:"GET"; http_method; content:"/mpmgsvc.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hook.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932461/; classtype:trojan-activity;sid:83795561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932460)"; flow:established,from_client; content:"GET"; http_method; content:"/445.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932460/; classtype:trojan-activity;sid:83795560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2922320)"; flow:established,from_client; content:"GET"; http_method; content:"/lazagne.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2922320/; classtype:trojan-activity;sid:83785420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921858)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.254.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2921858/; classtype:trojan-activity;sid:83784958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921215)"; flow:established,from_client; content:"GET"; http_method; content:"/adrtest.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.42.55.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2921215/; classtype:trojan-activity;sid:83784315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921210)"; flow:established,from_client; content:"GET"; http_method; content:"/data/a.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"129.151.210.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2921210/; classtype:trojan-activity;sid:83784310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2917510)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.23.169.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2917510/; classtype:trojan-activity;sid:83780610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916093)"; flow:established,from_client; content:"GET"; http_method; content:"/mpmgsvc.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"211.108.60.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916093/; classtype:trojan-activity;sid:83779193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914055)"; flow:established,from_client; content:"GET"; http_method; content:"/tq.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914055/; classtype:trojan-activity;sid:83777155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914056)"; flow:established,from_client; content:"GET"; http_method; content:"/wmi.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914056/; classtype:trojan-activity;sid:83777156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914041)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"60.246.106.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914041/; classtype:trojan-activity;sid:83777141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2912423)"; flow:established,from_client; content:"GET"; http_method; content:"/tq.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssl.ftp21.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_29; reference:url, urlhaus.abuse.ch/url/2912423/; classtype:trojan-activity;sid:83775523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911245)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"data.discuz.mobi"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911245/; classtype:trojan-activity;sid:83774345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911222)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.3.78.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911222/; classtype:trojan-activity;sid:83774322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911219)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911219/; classtype:trojan-activity;sid:83774319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911218)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"230.sub-166-166-188.myvzw.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911218/; classtype:trojan-activity;sid:83774318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911217)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911217/; classtype:trojan-activity;sid:83774317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911215)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911215/; classtype:trojan-activity;sid:83774315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911213)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.166.188.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911213/; classtype:trojan-activity;sid:83774313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911212)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911212/; classtype:trojan-activity;sid:83774312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911211)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.250.120.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911211/; classtype:trojan-activity;sid:83774311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911208)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.60.25.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911208/; classtype:trojan-activity;sid:83774308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911206)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.122.210.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911206/; classtype:trojan-activity;sid:83774306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911204)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5-157-110-232.dyn.eolo.it"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911204/; classtype:trojan-activity;sid:83774304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911202)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.26.97.52"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911202/; classtype:trojan-activity;sid:83774302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911203)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.250.53.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911203/; classtype:trojan-activity;sid:83774303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911196)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78-20-115-5.access.telenet.be"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911196/; classtype:trojan-activity;sid:83774296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911194)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.103.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911194/; classtype:trojan-activity;sid:83774294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911190)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.20.115.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911190/; classtype:trojan-activity;sid:83774290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911187)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911187/; classtype:trojan-activity;sid:83774287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911184)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"126.23.203.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911184/; classtype:trojan-activity;sid:83774284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911182)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.143.54.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911182/; classtype:trojan-activity;sid:83774282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911179)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"59.29.46.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911179/; classtype:trojan-activity;sid:83774279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911170)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.142.27.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911170/; classtype:trojan-activity;sid:83774270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911167)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.115.102.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911167/; classtype:trojan-activity;sid:83774267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.255.114.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911154/; classtype:trojan-activity;sid:83774254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911160)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911160/; classtype:trojan-activity;sid:83774260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911150)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.215.253.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911150/; classtype:trojan-activity;sid:83774250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911148)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.214.192.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911148/; classtype:trojan-activity;sid:83774248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911141)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.147.147.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911141/; classtype:trojan-activity;sid:83774241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911140)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.31.159.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911140/; classtype:trojan-activity;sid:83774240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911136)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23-122-210-174.lightspeed.cicril.sbcglobal.net"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911136/; classtype:trojan-activity;sid:83774236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911137)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.229.251.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911137/; classtype:trojan-activity;sid:83774237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911133)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911133/; classtype:trojan-activity;sid:83774233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911129)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911129/; classtype:trojan-activity;sid:83774229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911126)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.186.91.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911126/; classtype:trojan-activity;sid:83774226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911122)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911122/; classtype:trojan-activity;sid:83774222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911123)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.213.59.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911123/; classtype:trojan-activity;sid:83774223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911119)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83-87-76-41.cable.dynamic.v4.ziggo.nl"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911119/; classtype:trojan-activity;sid:83774219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911118)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.87.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911118/; classtype:trojan-activity;sid:83774218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911116)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.225.132.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911116/; classtype:trojan-activity;sid:83774216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911113)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"softbank126023203236.bbtec.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911113/; classtype:trojan-activity;sid:83774213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911109)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"epei77.direct.quickconnect.to"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911109/; classtype:trojan-activity;sid:83774209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911108)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-195-103-203-106.business.telecomitalia.it"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911108/; classtype:trojan-activity;sid:83774208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911106)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"qgf338jtt8tty7rx.myfritz.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911106/; classtype:trojan-activity;sid:83774206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911105)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-95-255-114-11.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911105/; classtype:trojan-activity;sid:83774205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911104)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"static-91-225-132-57.devs.futuro.pl"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911104/; classtype:trojan-activity;sid:83774204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911011)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"100.16.168.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911011/; classtype:trojan-activity;sid:83774111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.81.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910756/; classtype:trojan-activity;sid:83773856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910687)"; flow:established,from_client; content:"GET"; http_method; content:"/config/qnvqkfym.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"b46.oss-cn-hongkong.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910687/; classtype:trojan-activity;sid:83773787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910224)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/dmshell.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"shell.dimitrimedia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910224/; classtype:trojan-activity;sid:83773324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910223)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/dmshell.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172-105-66-118.ip.linodeusercontent.com"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910223/; classtype:trojan-activity;sid:83773323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909310)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.118.79.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909310/; classtype:trojan-activity;sid:83772410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909291)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.184.185.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909291/; classtype:trojan-activity;sid:83772391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909290)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.224.107.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909290/; classtype:trojan-activity;sid:83772390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908910)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"170.210.81.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908910/; classtype:trojan-activity;sid:83772010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908913)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.72.167.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908913/; classtype:trojan-activity;sid:83772013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908909)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"12.196.184.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908909/; classtype:trojan-activity;sid:83772009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908899)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908899/; classtype:trojan-activity;sid:83771999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908900)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.108.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908900/; classtype:trojan-activity;sid:83772000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908901)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908901/; classtype:trojan-activity;sid:83772001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908902)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.57.39.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908902/; classtype:trojan-activity;sid:83772002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908903)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.142.209.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908903/; classtype:trojan-activity;sid:83772003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908906)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.40.16.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908906/; classtype:trojan-activity;sid:83772006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908891)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.123.251.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908891/; classtype:trojan-activity;sid:83771991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908894)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"170.210.81.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908894/; classtype:trojan-activity;sid:83771994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908888)"; flow:established,from_client; content:"GET"; http_method; content:"/deccastationers.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908888/; classtype:trojan-activity;sid:83771988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908887)"; flow:established,from_client; content:"GET"; http_method; content:"/deccastationers.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908887/; classtype:trojan-activity;sid:83771987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908012)"; flow:established,from_client; content:"GET"; http_method; content:"/8/items/new_image_20240619_1432/new_image.jpg"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"ia800400.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2908012/; classtype:trojan-activity;sid:83771112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2907615)"; flow:established,from_client; content:"GET"; http_method; content:"/17/items/new_image_20240625_2128/new_image.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ia803402.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2907615/; classtype:trojan-activity;sid:83770715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906475)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906475/; classtype:trojan-activity;sid:83769575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906195)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906195/; classtype:trojan-activity;sid:83769295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905256)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.175.24.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905256/; classtype:trojan-activity;sid:83768356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905208)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.175.24.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905208/; classtype:trojan-activity;sid:83768308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905209)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.175.24.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905209/; classtype:trojan-activity;sid:83768309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905204)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905204/; classtype:trojan-activity;sid:83768304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905199)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.206.151.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905199/; classtype:trojan-activity;sid:83768299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905159)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905159/; classtype:trojan-activity;sid:83768259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905158)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905158/; classtype:trojan-activity;sid:83768258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905154)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905154/; classtype:trojan-activity;sid:83768254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905149)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.50.95.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905149/; classtype:trojan-activity;sid:83768249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905150)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905150/; classtype:trojan-activity;sid:83768250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905147)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.50.95.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905147/; classtype:trojan-activity;sid:83768247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905145)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905145/; classtype:trojan-activity;sid:83768245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905140)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905140/; classtype:trojan-activity;sid:83768240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905133)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905133/; classtype:trojan-activity;sid:83768233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905129)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.50.95.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905129/; classtype:trojan-activity;sid:83768229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905125)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905125/; classtype:trojan-activity;sid:83768225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905115)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905115/; classtype:trojan-activity;sid:83768215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901924)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.118.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_23; reference:url, urlhaus.abuse.ch/url/2901924/; classtype:trojan-activity;sid:83765024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901197)"; flow:established,from_client; content:"GET"; http_method; content:"/zwzonepieces/posapsi/master/chatlife.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_22; reference:url, urlhaus.abuse.ch/url/2901197/; classtype:trojan-activity;sid:83764297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2900550)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2900550/; classtype:trojan-activity;sid:83763650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899910)"; flow:established,from_client; content:"GET"; http_method; content:"/16/items/new_image_202406/new_image.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"ia803405.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2899910/; classtype:trojan-activity;sid:83763010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899853)"; flow:established,from_client; content:"GET"; http_method; content:"/ipfs/qmu99juvu4mweyuw7e6kkw8mheocjzoem5nueb87fdfpeh"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"ipfs.io"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2899853/; classtype:trojan-activity;sid:83762953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898814)"; flow:established,from_client; content:"GET"; http_method; content:"/fury-os/fury_kms/releases/download/v.1.6.0/furykms_v.1.6.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898814/; classtype:trojan-activity;sid:83761914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2897332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.202.101.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2897332/; classtype:trojan-activity;sid:83760432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896954)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896954/; classtype:trojan-activity;sid:83760054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896955)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896955/; classtype:trojan-activity;sid:83760055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896956)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896956/; classtype:trojan-activity;sid:83760056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896950)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896950/; classtype:trojan-activity;sid:83760050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896951)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896951/; classtype:trojan-activity;sid:83760051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896948)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896948/; classtype:trojan-activity;sid:83760048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2895458)"; flow:established,from_client; content:"GET"; http_method; content:"/%c4%a7%be%a7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"112.74.185.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_18; reference:url, urlhaus.abuse.ch/url/2895458/; classtype:trojan-activity;sid:83758558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2895457)"; flow:established,from_client; content:"GET"; http_method; content:"/3r%bc%bc%ca%f5.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"112.74.185.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_18; reference:url, urlhaus.abuse.ch/url/2895457/; classtype:trojan-activity;sid:83758557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2894025)"; flow:established,from_client; content:"GET"; http_method; content:"/kailash-jakhar/webpack-v5-tutorial/main/quizpokemon.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_17; reference:url, urlhaus.abuse.ch/url/2894025/; classtype:trojan-activity;sid:83757125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2892223)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.19.13.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2892223/; classtype:trojan-activity;sid:83755323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891705)"; flow:established,from_client; content:"GET"; http_method; content:"/backup/clientcaller.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891705/; classtype:trojan-activity;sid:83754805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891703)"; flow:established,from_client; content:"GET"; http_method; content:"/clientcaller.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891703/; classtype:trojan-activity;sid:83754803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891702)"; flow:established,from_client; content:"GET"; http_method; content:"/u/software/%e6%89%93%e5%8d%b0%e4%bb%bb%e5%8a%a1%e6%b8%85%e9%99%a4%e5%99%a8.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"183.166.57.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891702/; classtype:trojan-activity;sid:83754802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888479)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.215.245.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888479/; classtype:trojan-activity;sid:83751579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888476)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"59.175.183.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888476/; classtype:trojan-activity;sid:83751576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888475)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.160.249.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888475/; classtype:trojan-activity;sid:83751575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888474)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888474/; classtype:trojan-activity;sid:83751574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888469)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.244.110.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888469/; classtype:trojan-activity;sid:83751569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888463)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.178.133.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888463/; classtype:trojan-activity;sid:83751563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888460)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888460/; classtype:trojan-activity;sid:83751560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888459)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"112.27.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888459/; classtype:trojan-activity;sid:83751559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888458)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888458/; classtype:trojan-activity;sid:83751558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888456)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888456/; classtype:trojan-activity;sid:83751556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888447)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"115.28.26.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888447/; classtype:trojan-activity;sid:83751547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888445)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888445/; classtype:trojan-activity;sid:83751545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888444)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.67.254.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888444/; classtype:trojan-activity;sid:83751544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888443)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.182.69.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888443/; classtype:trojan-activity;sid:83751543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888440)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.159.155.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888440/; classtype:trojan-activity;sid:83751540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888438)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.159.155.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888438/; classtype:trojan-activity;sid:83751538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888430)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.157.17.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888430/; classtype:trojan-activity;sid:83751530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888259)"; flow:established,from_client; content:"GET"; http_method; content:"/products/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888259/; classtype:trojan-activity;sid:83751359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888258)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888258/; classtype:trojan-activity;sid:83751358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888257)"; flow:established,from_client; content:"GET"; http_method; content:"/products/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888257/; classtype:trojan-activity;sid:83751357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888254)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888254/; classtype:trojan-activity;sid:83751354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888255)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888255/; classtype:trojan-activity;sid:83751355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888251)"; flow:established,from_client; content:"GET"; http_method; content:"/products/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888251/; classtype:trojan-activity;sid:83751351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888252)"; flow:established,from_client; content:"GET"; http_method; content:"/products/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888252/; classtype:trojan-activity;sid:83751352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888253)"; flow:established,from_client; content:"GET"; http_method; content:"/products/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888253/; classtype:trojan-activity;sid:83751353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888247)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888247/; classtype:trojan-activity;sid:83751347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888248)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888248/; classtype:trojan-activity;sid:83751348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888249)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888249/; classtype:trojan-activity;sid:83751349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888250)"; flow:established,from_client; content:"GET"; http_method; content:"/products/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888250/; classtype:trojan-activity;sid:83751350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888016)"; flow:established,from_client; content:"GET"; http_method; content:"/ade4f437.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"106.14.143.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888016/; classtype:trojan-activity;sid:83751116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888001)"; flow:established,from_client; content:"GET"; http_method; content:"/asusdebug.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"106.14.143.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888001/; classtype:trojan-activity;sid:83751101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2886550)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.109.148.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2886550/; classtype:trojan-activity;sid:83749650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885860)"; flow:established,from_client; content:"GET"; http_method; content:"/brunovale03/adegaads/main/offeredbuilt.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2885860/; classtype:trojan-activity;sid:83748960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885017)"; flow:established,from_client; content:"GET"; http_method; content:"/smug246/luna-grabber-injection/main/injection-obfuscated.js"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_12; reference:url, urlhaus.abuse.ch/url/2885017/; classtype:trojan-activity;sid:83748117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.39.146.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_12; reference:url, urlhaus.abuse.ch/url/2885006/; classtype:trojan-activity;sid:83748106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883947)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883947/; classtype:trojan-activity;sid:83747047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883765)"; flow:established,from_client; content:"GET"; http_method; content:"/uphoarding.hhp"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.atordeg.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883765/; classtype:trojan-activity;sid:83746865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883708)"; flow:established,from_client; content:"GET"; http_method; content:"/sirvivor32/sirvivor/main/lukejazz.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883708/; classtype:trojan-activity;sid:83746808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2882153)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/dmshell.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172.105.66.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2882153/; classtype:trojan-activity;sid:83745253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2881768)"; flow:established,from_client; content:"GET"; http_method; content:"/cg100/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2881768/; classtype:trojan-activity;sid:83744868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879886)"; flow:established,from_client; content:"GET"; http_method; content:"/pwnkit"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.71.224.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879886/; classtype:trojan-activity;sid:83742986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879846)"; flow:established,from_client; content:"GET"; http_method; content:"/cve/cve-2021-4034"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879846/; classtype:trojan-activity;sid:83742946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879845)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/test.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879845/; classtype:trojan-activity;sid:83742945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879683)"; flow:established,from_client; content:"GET"; http_method; content:"/shellcode"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"101.101.160.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879683/; classtype:trojan-activity;sid:83742783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879531)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.149.81.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879531/; classtype:trojan-activity;sid:83742631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2878419)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.188.82.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2878419/; classtype:trojan-activity;sid:83741519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877962)"; flow:established,from_client; content:"GET"; http_method; content:"/images/8fc809.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jtpdev.co.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2877962/; classtype:trojan-activity;sid:83741062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877890)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15421286/2022and2023taxdocuments.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2877890/; classtype:trojan-activity;sid:83740990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877425)"; flow:established,from_client; content:"GET"; http_method; content:"/images/8fc809.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jtpdev.co.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877425/; classtype:trojan-activity;sid:83740525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877333)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=be74a2a80f46402f%21108|7c|26|7c|authkey=!apakrcjm7r_t5aa"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877333/; classtype:trojan-activity;sid:83740433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2875723)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/zqwer/dllxf3.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_05; reference:url, urlhaus.abuse.ch/url/2875723/; classtype:trojan-activity;sid:83738823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2875722)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/zqwer/pef3dir.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_05; reference:url, urlhaus.abuse.ch/url/2875722/; classtype:trojan-activity;sid:83738822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874516)"; flow:established,from_client; content:"GET"; http_method; content:"/o.elf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"reusable-flex.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874516/; classtype:trojan-activity;sid:83737616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874107)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=19nonxskhmwbvfxpr2ccmwd9xrhz1ldco"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874107/; classtype:trojan-activity;sid:83737207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874102)"; flow:established,from_client; content:"GET"; http_method; content:"/walesboller.pcx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874102/; classtype:trojan-activity;sid:83737202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2873811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2873811/; classtype:trojan-activity;sid:83736911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872943)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=7eb674a88ccf381d%21552|7c|26|7c|authkey=!ah8ykhc8fseogq0"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_03; reference:url, urlhaus.abuse.ch/url/2872943/; classtype:trojan-activity;sid:83736043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872938)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=7eb674a88ccf381d%21554|7c|26|7c|authkey=!al2jzv2j-kuxnxi"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_03; reference:url, urlhaus.abuse.ch/url/2872938/; classtype:trojan-activity;sid:83736038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872939)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=7eb674a88ccf381d%21553|7c|26|7c|authkey=!am3kf8wmh98xn0y"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_03; reference:url, urlhaus.abuse.ch/url/2872939/; classtype:trojan-activity;sid:83736039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2871410)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12gxtnsqsjokneqetkvk1a99fni-es6ir"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_01; reference:url, urlhaus.abuse.ch/url/2871410/; classtype:trojan-activity;sid:83734510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wsqkirdngjlt8uu2lv9mzciks4my12jh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870235/; classtype:trojan-activity;sid:83733335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870229)"; flow:established,from_client; content:"GET"; http_method; content:"/download/40/4a6ca328-7888-3279-b672-d1d9d0a46ee2/gta_v.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"softcatalog.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870229/; classtype:trojan-activity;sid:83733329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870174)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.7.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870174/; classtype:trojan-activity;sid:83733274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869849)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869849/; classtype:trojan-activity;sid:83732949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869844)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869844/; classtype:trojan-activity;sid:83732944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869702)"; flow:established,from_client; content:"GET"; http_method; content:"/sheksweet/sheksweet1/main/rambledmime.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869702/; classtype:trojan-activity;sid:83732802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869436)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/rssh"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"222.88.186.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2869436/; classtype:trojan-activity;sid:83732536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868847)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/dahmfv126.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dnvk1.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868847/; classtype:trojan-activity;sid:83731947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868723)"; flow:established,from_client; content:"GET"; http_method; content:"/a.i_1003h.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"221.143.49.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868723/; classtype:trojan-activity;sid:83731823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868722)"; flow:established,from_client; content:"GET"; http_method; content:"/batch.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868722/; classtype:trojan-activity;sid:83731822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868720)"; flow:established,from_client; content:"GET"; http_method; content:"/coreminer-linux-x86_64.tar.gz"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868720/; classtype:trojan-activity;sid:83731820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868719)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/start-powershellfordopaddcrontab.psl"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868719/; classtype:trojan-activity;sid:83731819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868710)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/start-powershellfordop.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868710/; classtype:trojan-activity;sid:83731810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868714)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/start-powershellxlies.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868714/; classtype:trojan-activity;sid:83731814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868624)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.185.229.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868624/; classtype:trojan-activity;sid:83731724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867270)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/flutter-movie/master/crypted_c360a5b7.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867270/; classtype:trojan-activity;sid:83730370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867236)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/apple-replica-starter-files/master/apple-replica/zintask.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867236/; classtype:trojan-activity;sid:83730336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865442)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws_upload.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865442/; classtype:trojan-activity;sid:83728542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865272)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthbq.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865272/; classtype:trojan-activity;sid:83728372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865273)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupload.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865273/; classtype:trojan-activity;sid:83728373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865241)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupdate.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865241/; classtype:trojan-activity;sid:83728341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864267)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864267/; classtype:trojan-activity;sid:83727367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864266)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.74.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864266/; classtype:trojan-activity;sid:83727366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864259)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.42.198.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864259/; classtype:trojan-activity;sid:83727359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864261)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.42.198.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864261/; classtype:trojan-activity;sid:83727361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864262)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.143.139.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864262/; classtype:trojan-activity;sid:83727362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864256)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.120.175.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864256/; classtype:trojan-activity;sid:83727356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864245)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.42.198.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864245/; classtype:trojan-activity;sid:83727345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864247)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864247/; classtype:trojan-activity;sid:83727347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864249)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864249/; classtype:trojan-activity;sid:83727349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864252)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.42.198.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864252/; classtype:trojan-activity;sid:83727352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864253)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.191.190.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864253/; classtype:trojan-activity;sid:83727353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864254)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864254/; classtype:trojan-activity;sid:83727354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864255)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864255/; classtype:trojan-activity;sid:83727355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864244)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.247.206.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864244/; classtype:trojan-activity;sid:83727344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863534)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863534/; classtype:trojan-activity;sid:83726634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863372)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"221.10.233.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863372/; classtype:trojan-activity;sid:83726472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863373)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.50.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863373/; classtype:trojan-activity;sid:83726473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863371)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863371/; classtype:trojan-activity;sid:83726471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863363)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863363/; classtype:trojan-activity;sid:83726463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863366)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863366/; classtype:trojan-activity;sid:83726466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863359)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863359/; classtype:trojan-activity;sid:83726459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863360)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863360/; classtype:trojan-activity;sid:83726460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863362)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863362/; classtype:trojan-activity;sid:83726462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863358)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863358/; classtype:trojan-activity;sid:83726458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863354)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.50.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863354/; classtype:trojan-activity;sid:83726454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863355)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.50.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863355/; classtype:trojan-activity;sid:83726455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863341)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863341/; classtype:trojan-activity;sid:83726441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863342)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863342/; classtype:trojan-activity;sid:83726442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863343)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.191.190.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863343/; classtype:trojan-activity;sid:83726443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863345)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863345/; classtype:trojan-activity;sid:83726445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863346)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.19.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863346/; classtype:trojan-activity;sid:83726446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863323/; classtype:trojan-activity;sid:83726423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863326)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863326/; classtype:trojan-activity;sid:83726426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863328)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863328/; classtype:trojan-activity;sid:83726428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863331)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863331/; classtype:trojan-activity;sid:83726431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863332)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.76.12.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863332/; classtype:trojan-activity;sid:83726432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863333)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.77.57.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863333/; classtype:trojan-activity;sid:83726433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863334)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.49.168.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863334/; classtype:trojan-activity;sid:83726434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863335)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863335/; classtype:trojan-activity;sid:83726435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863339)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863339/; classtype:trojan-activity;sid:83726439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863340)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863340/; classtype:trojan-activity;sid:83726440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863321)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863321/; classtype:trojan-activity;sid:83726421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863322)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863322/; classtype:trojan-activity;sid:83726422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862297)"; flow:established,from_client; content:"GET"; http_method; content:"/wxijgyp.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bafybeicoo7kwhmnl6q7prd65aimf5byzrihrklgviebm2pkyzyepdaigf4.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862297/; classtype:trojan-activity;sid:83725397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862107)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"125.168.166.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862107/; classtype:trojan-activity;sid:83725207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862050)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/8gikly"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862050/; classtype:trojan-activity;sid:83725150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862051)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/medjl1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862051/; classtype:trojan-activity;sid:83725151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862052)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dy1f16"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862052/; classtype:trojan-activity;sid:83725152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862053)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/kx3wl4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862053/; classtype:trojan-activity;sid:83725153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862054)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/ppxodm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862054/; classtype:trojan-activity;sid:83725154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862055)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/e7opy8"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862055/; classtype:trojan-activity;sid:83725155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862056)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/7dhid7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862056/; classtype:trojan-activity;sid:83725156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862049)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/tbfvpd"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862049/; classtype:trojan-activity;sid:83725149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862046)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/6f2c5c"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862046/; classtype:trojan-activity;sid:83725146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862047)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/g2js91"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862047/; classtype:trojan-activity;sid:83725147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862044)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/lt00vw"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862044/; classtype:trojan-activity;sid:83725144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862045)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/i7tdbr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862045/; classtype:trojan-activity;sid:83725145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862043)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/3a9xj1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862043/; classtype:trojan-activity;sid:83725143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862042)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/wyg3h5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862042/; classtype:trojan-activity;sid:83725142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862022)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862022/; classtype:trojan-activity;sid:83725122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862020)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862020/; classtype:trojan-activity;sid:83725120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862018)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862018/; classtype:trojan-activity;sid:83725118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862017)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862017/; classtype:trojan-activity;sid:83725117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862004)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862004/; classtype:trojan-activity;sid:83725104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862005)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.202.0.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862005/; classtype:trojan-activity;sid:83725105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862007/; classtype:trojan-activity;sid:83725107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862009/; classtype:trojan-activity;sid:83725109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862010)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862010/; classtype:trojan-activity;sid:83725110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862011)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862011/; classtype:trojan-activity;sid:83725111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862014)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862014/; classtype:trojan-activity;sid:83725114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861994)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861994/; classtype:trojan-activity;sid:83725094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861996)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.127.22.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861996/; classtype:trojan-activity;sid:83725096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861998)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861998/; classtype:trojan-activity;sid:83725098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861999)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861999/; classtype:trojan-activity;sid:83725099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861992)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.76.12.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861992/; classtype:trojan-activity;sid:83725092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861989)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861989/; classtype:trojan-activity;sid:83725089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861986)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861986/; classtype:trojan-activity;sid:83725086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861987)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861987/; classtype:trojan-activity;sid:83725087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861978)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861978/; classtype:trojan-activity;sid:83725078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861980)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861980/; classtype:trojan-activity;sid:83725080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861982)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861982/; classtype:trojan-activity;sid:83725082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861962)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.125.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861962/; classtype:trojan-activity;sid:83725062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861964)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.140.147.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861964/; classtype:trojan-activity;sid:83725064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861967)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.145.144.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861967/; classtype:trojan-activity;sid:83725067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861968)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.76.12.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861968/; classtype:trojan-activity;sid:83725068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861969)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.175.56.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861969/; classtype:trojan-activity;sid:83725069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861971)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861971/; classtype:trojan-activity;sid:83725071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861972)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.175.56.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861972/; classtype:trojan-activity;sid:83725072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861974)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861974/; classtype:trojan-activity;sid:83725074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861953)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861953/; classtype:trojan-activity;sid:83725053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861956)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861956/; classtype:trojan-activity;sid:83725056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861958)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861958/; classtype:trojan-activity;sid:83725058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861959)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861959/; classtype:trojan-activity;sid:83725059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861951)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861951/; classtype:trojan-activity;sid:83725051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861950)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861950/; classtype:trojan-activity;sid:83725050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861946)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861946/; classtype:trojan-activity;sid:83725046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861948)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861948/; classtype:trojan-activity;sid:83725048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861949)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14stirling.dyndns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861949/; classtype:trojan-activity;sid:83725049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861917)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.199.4.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861917/; classtype:trojan-activity;sid:83725017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861918)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861918/; classtype:trojan-activity;sid:83725018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861919)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861919/; classtype:trojan-activity;sid:83725019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861922)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.196.96.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861922/; classtype:trojan-activity;sid:83725022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861923)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861923/; classtype:trojan-activity;sid:83725023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861927)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861927/; classtype:trojan-activity;sid:83725027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861929)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861929/; classtype:trojan-activity;sid:83725029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861930)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861930/; classtype:trojan-activity;sid:83725030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861931)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861931/; classtype:trojan-activity;sid:83725031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861932)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861932/; classtype:trojan-activity;sid:83725032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861935)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861935/; classtype:trojan-activity;sid:83725035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861939)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861939/; classtype:trojan-activity;sid:83725039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861940)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861940/; classtype:trojan-activity;sid:83725040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861941)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861941/; classtype:trojan-activity;sid:83725041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861943)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861943/; classtype:trojan-activity;sid:83725043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861945)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861945/; classtype:trojan-activity;sid:83725045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861914)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861914/; classtype:trojan-activity;sid:83725014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861915)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861915/; classtype:trojan-activity;sid:83725015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861910)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861910/; classtype:trojan-activity;sid:83725010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861888)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dvbcvt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861888/; classtype:trojan-activity;sid:83724988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861887)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/exw2o1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861887/; classtype:trojan-activity;sid:83724987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861856)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861856/; classtype:trojan-activity;sid:83724956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861841)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861841/; classtype:trojan-activity;sid:83724941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861842)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861842/; classtype:trojan-activity;sid:83724942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861843)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861843/; classtype:trojan-activity;sid:83724943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861844)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861844/; classtype:trojan-activity;sid:83724944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861846)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"96.76.18.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861846/; classtype:trojan-activity;sid:83724946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861848)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.121.112.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861848/; classtype:trojan-activity;sid:83724948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861852)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861852/; classtype:trojan-activity;sid:83724952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861854)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861854/; classtype:trojan-activity;sid:83724954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861836)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861836/; classtype:trojan-activity;sid:83724936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861838)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861838/; classtype:trojan-activity;sid:83724938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861839)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861839/; classtype:trojan-activity;sid:83724939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861834)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861834/; classtype:trojan-activity;sid:83724934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861831)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861831/; classtype:trojan-activity;sid:83724931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861830)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"193.160.86.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861830/; classtype:trojan-activity;sid:83724930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861828)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861828/; classtype:trojan-activity;sid:83724928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861826)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861826/; classtype:trojan-activity;sid:83724926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861827)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861827/; classtype:trojan-activity;sid:83724927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861824)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861824/; classtype:trojan-activity;sid:83724924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861820)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861820/; classtype:trojan-activity;sid:83724920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861821)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.214.27.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861821/; classtype:trojan-activity;sid:83724921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861822)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861822/; classtype:trojan-activity;sid:83724922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861819)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861819/; classtype:trojan-activity;sid:83724919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861817)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"124.19.79.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861817/; classtype:trojan-activity;sid:83724917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861818)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.64.76.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861818/; classtype:trojan-activity;sid:83724918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861814)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861814/; classtype:trojan-activity;sid:83724914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861815)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"204.11.227.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861815/; classtype:trojan-activity;sid:83724915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861810)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861810/; classtype:trojan-activity;sid:83724910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861812)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861812/; classtype:trojan-activity;sid:83724912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861806)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.15.181.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861806/; classtype:trojan-activity;sid:83724906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861808)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861808/; classtype:trojan-activity;sid:83724908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861801)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.145.144.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861801/; classtype:trojan-activity;sid:83724901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861802)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861802/; classtype:trojan-activity;sid:83724902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861799)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861799/; classtype:trojan-activity;sid:83724899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861800)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861800/; classtype:trojan-activity;sid:83724900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861798)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861798/; classtype:trojan-activity;sid:83724898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861796)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861796/; classtype:trojan-activity;sid:83724896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861794)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861794/; classtype:trojan-activity;sid:83724894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861790)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861790/; classtype:trojan-activity;sid:83724890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861788)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.21.148.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861788/; classtype:trojan-activity;sid:83724888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861789)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861789/; classtype:trojan-activity;sid:83724889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861787)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.121.113.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861787/; classtype:trojan-activity;sid:83724887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861785)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861785/; classtype:trojan-activity;sid:83724885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861786)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861786/; classtype:trojan-activity;sid:83724886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861781)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861781/; classtype:trojan-activity;sid:83724881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861776)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861776/; classtype:trojan-activity;sid:83724876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861777)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861777/; classtype:trojan-activity;sid:83724877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861778)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861778/; classtype:trojan-activity;sid:83724878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861769)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861769/; classtype:trojan-activity;sid:83724869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861770)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861770/; classtype:trojan-activity;sid:83724870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861773)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861773/; classtype:trojan-activity;sid:83724873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861774)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.121.112.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861774/; classtype:trojan-activity;sid:83724874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861758)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861758/; classtype:trojan-activity;sid:83724858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861761)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861761/; classtype:trojan-activity;sid:83724861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861763)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861763/; classtype:trojan-activity;sid:83724863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861754)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861754/; classtype:trojan-activity;sid:83724854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861755)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861755/; classtype:trojan-activity;sid:83724855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861752)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.127.22.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861752/; classtype:trojan-activity;sid:83724852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861750)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861750/; classtype:trojan-activity;sid:83724850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861749)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861749/; classtype:trojan-activity;sid:83724849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861745)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861745/; classtype:trojan-activity;sid:83724845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861743)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861743/; classtype:trojan-activity;sid:83724843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861735)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861735/; classtype:trojan-activity;sid:83724835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861737)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861737/; classtype:trojan-activity;sid:83724837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861740)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861740/; classtype:trojan-activity;sid:83724840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861729)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861729/; classtype:trojan-activity;sid:83724829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861730)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.200.171.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861730/; classtype:trojan-activity;sid:83724830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861731)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861731/; classtype:trojan-activity;sid:83724831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861733)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861733/; classtype:trojan-activity;sid:83724833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861734)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861734/; classtype:trojan-activity;sid:83724834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861721)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861721/; classtype:trojan-activity;sid:83724821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861722)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861722/; classtype:trojan-activity;sid:83724822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861723)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.121.113.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861723/; classtype:trojan-activity;sid:83724823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861725)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861725/; classtype:trojan-activity;sid:83724825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861726)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861726/; classtype:trojan-activity;sid:83724826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861717)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.175.56.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861717/; classtype:trojan-activity;sid:83724817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861719)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861719/; classtype:trojan-activity;sid:83724819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861715)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.76.12.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861715/; classtype:trojan-activity;sid:83724815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861716)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861716/; classtype:trojan-activity;sid:83724816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861714)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861714/; classtype:trojan-activity;sid:83724814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861710)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861710/; classtype:trojan-activity;sid:83724810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861708)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861708/; classtype:trojan-activity;sid:83724808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861707)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861707/; classtype:trojan-activity;sid:83724807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861694)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"41.71.51.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861694/; classtype:trojan-activity;sid:83724794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861695)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861695/; classtype:trojan-activity;sid:83724795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861697)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"222.252.15.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861697/; classtype:trojan-activity;sid:83724797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861700)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"14stirling.dyndns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861700/; classtype:trojan-activity;sid:83724800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861702)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861702/; classtype:trojan-activity;sid:83724802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861682)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861682/; classtype:trojan-activity;sid:83724782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861685)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861685/; classtype:trojan-activity;sid:83724785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861686)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861686/; classtype:trojan-activity;sid:83724786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861687)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"124.19.77.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861687/; classtype:trojan-activity;sid:83724787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861688)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861688/; classtype:trojan-activity;sid:83724788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861689)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.125.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861689/; classtype:trojan-activity;sid:83724789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861690)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861690/; classtype:trojan-activity;sid:83724790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861692)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861692/; classtype:trojan-activity;sid:83724792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861693)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861693/; classtype:trojan-activity;sid:83724793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861680)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861680/; classtype:trojan-activity;sid:83724780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861674)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.199.4.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861674/; classtype:trojan-activity;sid:83724774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861675)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861675/; classtype:trojan-activity;sid:83724775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861676)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861676/; classtype:trojan-activity;sid:83724776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861677)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861677/; classtype:trojan-activity;sid:83724777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861678)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"96.76.18.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861678/; classtype:trojan-activity;sid:83724778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861672)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"36.95.166.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861672/; classtype:trojan-activity;sid:83724772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861670)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861670/; classtype:trojan-activity;sid:83724770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861668)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861668/; classtype:trojan-activity;sid:83724768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861666)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861666/; classtype:trojan-activity;sid:83724766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861667)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861667/; classtype:trojan-activity;sid:83724767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861664)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861664/; classtype:trojan-activity;sid:83724764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861652)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861652/; classtype:trojan-activity;sid:83724752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861657)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861657/; classtype:trojan-activity;sid:83724757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861659)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861659/; classtype:trojan-activity;sid:83724759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861660)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.175.56.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861660/; classtype:trojan-activity;sid:83724760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861661)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861661/; classtype:trojan-activity;sid:83724761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861643)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861643/; classtype:trojan-activity;sid:83724743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861646)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861646/; classtype:trojan-activity;sid:83724746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861639)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861639/; classtype:trojan-activity;sid:83724739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861640)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861640/; classtype:trojan-activity;sid:83724740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861641)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861641/; classtype:trojan-activity;sid:83724741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861632)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.122.141.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861632/; classtype:trojan-activity;sid:83724732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861633)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861633/; classtype:trojan-activity;sid:83724733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861636)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861636/; classtype:trojan-activity;sid:83724736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861637)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861637/; classtype:trojan-activity;sid:83724737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861629)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861629/; classtype:trojan-activity;sid:83724729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861627)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.121.113.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861627/; classtype:trojan-activity;sid:83724727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861628)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861628/; classtype:trojan-activity;sid:83724728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861626)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861626/; classtype:trojan-activity;sid:83724726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861613)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861613/; classtype:trojan-activity;sid:83724713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861614)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861614/; classtype:trojan-activity;sid:83724714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861615)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861615/; classtype:trojan-activity;sid:83724715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861616)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861616/; classtype:trojan-activity;sid:83724716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861619)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861619/; classtype:trojan-activity;sid:83724719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861620)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861620/; classtype:trojan-activity;sid:83724720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861622)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861622/; classtype:trojan-activity;sid:83724722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861624)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861624/; classtype:trojan-activity;sid:83724724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861595)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861595/; classtype:trojan-activity;sid:83724695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861597)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861597/; classtype:trojan-activity;sid:83724697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861598)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861598/; classtype:trojan-activity;sid:83724698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861600)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861600/; classtype:trojan-activity;sid:83724700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861601)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861601/; classtype:trojan-activity;sid:83724701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861602)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.21.148.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861602/; classtype:trojan-activity;sid:83724702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861606)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861606/; classtype:trojan-activity;sid:83724706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861609)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861609/; classtype:trojan-activity;sid:83724709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861592)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861592/; classtype:trojan-activity;sid:83724692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861594)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861594/; classtype:trojan-activity;sid:83724694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861588)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"93.63.154.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861588/; classtype:trojan-activity;sid:83724688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861586)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861586/; classtype:trojan-activity;sid:83724686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861582)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861582/; classtype:trojan-activity;sid:83724682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861567)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861567/; classtype:trojan-activity;sid:83724667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861568)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861568/; classtype:trojan-activity;sid:83724668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861569)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861569/; classtype:trojan-activity;sid:83724669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861570)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861570/; classtype:trojan-activity;sid:83724670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861573)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861573/; classtype:trojan-activity;sid:83724673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861577)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861577/; classtype:trojan-activity;sid:83724677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861579)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861579/; classtype:trojan-activity;sid:83724679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861580)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"59.154.252.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861580/; classtype:trojan-activity;sid:83724680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861556)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861556/; classtype:trojan-activity;sid:83724656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861559)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861559/; classtype:trojan-activity;sid:83724659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861562)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861562/; classtype:trojan-activity;sid:83724662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861563)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861563/; classtype:trojan-activity;sid:83724663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861564)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"172.115.81.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861564/; classtype:trojan-activity;sid:83724664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861551)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.76.12.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861551/; classtype:trojan-activity;sid:83724651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861553)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861553/; classtype:trojan-activity;sid:83724653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861554)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861554/; classtype:trojan-activity;sid:83724654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861555)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861555/; classtype:trojan-activity;sid:83724655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861549)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861549/; classtype:trojan-activity;sid:83724649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861548)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.196.96.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861548/; classtype:trojan-activity;sid:83724648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861547)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861547/; classtype:trojan-activity;sid:83724647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861543)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861543/; classtype:trojan-activity;sid:83724643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861541)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.99.124.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861541/; classtype:trojan-activity;sid:83724641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861538)"; flow:established,from_client; content:"GET"; http_method; content:"/tsaplqyj.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bafybeicnmx2fcaolinpdaiqjo7hgsourg3qzaxf57psdrbqic4qrm4pf3i.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861538/; classtype:trojan-activity;sid:83724638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2860721)"; flow:established,from_client; content:"GET"; http_method; content:"/srbijasetuphokej.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_23; reference:url, urlhaus.abuse.ch/url/2860721/; classtype:trojan-activity;sid:83723821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2860121)"; flow:established,from_client; content:"GET"; http_method; content:"/ipfs/bafybeihztxwimpjrjtlr3djk5sxcxnyiubceso2zkoijuplsccegiceqya/ngown.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"ipfs.io"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_05_23; reference:url, urlhaus.abuse.ch/url/2860121/; classtype:trojan-activity;sid:83723221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859508)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859508/; classtype:trojan-activity;sid:83722608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859117)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/arm"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859117/; classtype:trojan-activity;sid:83722217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859027)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15378217/all.2023.tax.documents.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859027/; classtype:trojan-activity;sid:83722127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858898)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858898/; classtype:trojan-activity;sid:83721998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857904)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857904/; classtype:trojan-activity;sid:83721004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857893)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.21.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857893/; classtype:trojan-activity;sid:83720993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857892/; classtype:trojan-activity;sid:83720992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857888)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857888/; classtype:trojan-activity;sid:83720988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857884)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857884/; classtype:trojan-activity;sid:83720984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857881)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857881/; classtype:trojan-activity;sid:83720981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857874)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857874/; classtype:trojan-activity;sid:83720974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857875)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857875/; classtype:trojan-activity;sid:83720975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.122.141.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857878/; classtype:trojan-activity;sid:83720978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857872)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.196.121.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857872/; classtype:trojan-activity;sid:83720972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857868)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857868/; classtype:trojan-activity;sid:83720968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857870)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857870/; classtype:trojan-activity;sid:83720970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857865)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.122.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857865/; classtype:trojan-activity;sid:83720965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857866)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857866/; classtype:trojan-activity;sid:83720966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857861)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857861/; classtype:trojan-activity;sid:83720961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857859)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857859/; classtype:trojan-activity;sid:83720959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857854)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.154.67.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857854/; classtype:trojan-activity;sid:83720954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857850)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857850/; classtype:trojan-activity;sid:83720950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857851)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857851/; classtype:trojan-activity;sid:83720951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857848)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857848/; classtype:trojan-activity;sid:83720948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857849)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857849/; classtype:trojan-activity;sid:83720949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857844)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.2.229.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857844/; classtype:trojan-activity;sid:83720944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857846)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857846/; classtype:trojan-activity;sid:83720946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857837)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857837/; classtype:trojan-activity;sid:83720937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857838)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.62.200.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857838/; classtype:trojan-activity;sid:83720938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857834)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857834/; classtype:trojan-activity;sid:83720934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857835)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857835/; classtype:trojan-activity;sid:83720935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857836)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.95.166.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857836/; classtype:trojan-activity;sid:83720936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857831)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"98.180.230.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857831/; classtype:trojan-activity;sid:83720931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857822)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857822/; classtype:trojan-activity;sid:83720922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857820)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857820/; classtype:trojan-activity;sid:83720920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857821)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857821/; classtype:trojan-activity;sid:83720921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857813)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857813/; classtype:trojan-activity;sid:83720913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857809)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857809/; classtype:trojan-activity;sid:83720909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857810)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.19.79.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857810/; classtype:trojan-activity;sid:83720910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857807)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857807/; classtype:trojan-activity;sid:83720907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857804)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857804/; classtype:trojan-activity;sid:83720904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857802/; classtype:trojan-activity;sid:83720902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857795)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857795/; classtype:trojan-activity;sid:83720895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857797)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857797/; classtype:trojan-activity;sid:83720897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857794)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857794/; classtype:trojan-activity;sid:83720894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857788)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857788/; classtype:trojan-activity;sid:83720888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857785)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857785/; classtype:trojan-activity;sid:83720885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857780)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857780/; classtype:trojan-activity;sid:83720880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857778)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857778/; classtype:trojan-activity;sid:83720878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857776)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.202.20.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857776/; classtype:trojan-activity;sid:83720876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857770)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857770/; classtype:trojan-activity;sid:83720870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857771)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857771/; classtype:trojan-activity;sid:83720871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857772)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857772/; classtype:trojan-activity;sid:83720872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857773)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857773/; classtype:trojan-activity;sid:83720873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857768)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.15.181.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857768/; classtype:trojan-activity;sid:83720868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857763)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857763/; classtype:trojan-activity;sid:83720863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857762)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857762/; classtype:trojan-activity;sid:83720862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857758)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857758/; classtype:trojan-activity;sid:83720858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857752)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857752/; classtype:trojan-activity;sid:83720852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857753)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857753/; classtype:trojan-activity;sid:83720853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857754/; classtype:trojan-activity;sid:83720854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857755)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857755/; classtype:trojan-activity;sid:83720855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857750)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"125.168.166.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857750/; classtype:trojan-activity;sid:83720850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857747)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857747/; classtype:trojan-activity;sid:83720847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857749)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857749/; classtype:trojan-activity;sid:83720849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857746)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857746/; classtype:trojan-activity;sid:83720846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857736)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.122.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857736/; classtype:trojan-activity;sid:83720836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857730)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857730/; classtype:trojan-activity;sid:83720830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857731)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857731/; classtype:trojan-activity;sid:83720831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857724)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857724/; classtype:trojan-activity;sid:83720824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857722)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857722/; classtype:trojan-activity;sid:83720822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857721)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.171.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857721/; classtype:trojan-activity;sid:83720821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857717)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857717/; classtype:trojan-activity;sid:83720817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857719/; classtype:trojan-activity;sid:83720819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857710)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.185.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857710/; classtype:trojan-activity;sid:83720810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857712)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857712/; classtype:trojan-activity;sid:83720812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857708)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857708/; classtype:trojan-activity;sid:83720808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857699)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857699/; classtype:trojan-activity;sid:83720799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857696)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.241.90.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857696/; classtype:trojan-activity;sid:83720796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857692)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857692/; classtype:trojan-activity;sid:83720792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857693)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857693/; classtype:trojan-activity;sid:83720793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857689/; classtype:trojan-activity;sid:83720789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857687)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857687/; classtype:trojan-activity;sid:83720787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857679)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.123.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857679/; classtype:trojan-activity;sid:83720779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857674/; classtype:trojan-activity;sid:83720774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857676)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"204.11.227.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857676/; classtype:trojan-activity;sid:83720776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857678)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857678/; classtype:trojan-activity;sid:83720778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857671/; classtype:trojan-activity;sid:83720771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857672)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857672/; classtype:trojan-activity;sid:83720772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857669/; classtype:trojan-activity;sid:83720769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857666)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857666/; classtype:trojan-activity;sid:83720766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857662)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857662/; classtype:trojan-activity;sid:83720762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857660)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857660/; classtype:trojan-activity;sid:83720760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857657)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857657/; classtype:trojan-activity;sid:83720757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857653)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857653/; classtype:trojan-activity;sid:83720753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857654/; classtype:trojan-activity;sid:83720754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857655)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857655/; classtype:trojan-activity;sid:83720755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857651)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857651/; classtype:trojan-activity;sid:83720751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857652)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857652/; classtype:trojan-activity;sid:83720752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857645/; classtype:trojan-activity;sid:83720745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857642)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857642/; classtype:trojan-activity;sid:83720742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857633)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857633/; classtype:trojan-activity;sid:83720733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857634)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857634/; classtype:trojan-activity;sid:83720734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857635)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"204.11.227.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857635/; classtype:trojan-activity;sid:83720735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857640)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857640/; classtype:trojan-activity;sid:83720740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857630)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857630/; classtype:trojan-activity;sid:83720730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857624)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857624/; classtype:trojan-activity;sid:83720724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857620/; classtype:trojan-activity;sid:83720720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857621/; classtype:trojan-activity;sid:83720721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857616)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857616/; classtype:trojan-activity;sid:83720716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857613)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857613/; classtype:trojan-activity;sid:83720713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857614)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.252.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857614/; classtype:trojan-activity;sid:83720714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857610)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857610/; classtype:trojan-activity;sid:83720710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857603)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"96.76.18.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857603/; classtype:trojan-activity;sid:83720703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857606)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.214.27.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857606/; classtype:trojan-activity;sid:83720706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857607)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857607/; classtype:trojan-activity;sid:83720707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857600)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857600/; classtype:trojan-activity;sid:83720700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857601)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857601/; classtype:trojan-activity;sid:83720701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857602/; classtype:trojan-activity;sid:83720702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857590)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857590/; classtype:trojan-activity;sid:83720690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857585)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857585/; classtype:trojan-activity;sid:83720685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857586)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857586/; classtype:trojan-activity;sid:83720686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857587)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857587/; classtype:trojan-activity;sid:83720687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857584)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857584/; classtype:trojan-activity;sid:83720684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857580)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857580/; classtype:trojan-activity;sid:83720680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857582)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857582/; classtype:trojan-activity;sid:83720682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857579)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.86.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857579/; classtype:trojan-activity;sid:83720679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857578)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857578/; classtype:trojan-activity;sid:83720678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857573)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857573/; classtype:trojan-activity;sid:83720673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857574)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857574/; classtype:trojan-activity;sid:83720674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857568)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857568/; classtype:trojan-activity;sid:83720668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857570)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857570/; classtype:trojan-activity;sid:83720670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857563)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857563/; classtype:trojan-activity;sid:83720663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857564)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.251.62.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857564/; classtype:trojan-activity;sid:83720664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857566)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857566/; classtype:trojan-activity;sid:83720666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857561)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857561/; classtype:trojan-activity;sid:83720661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857553)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857553/; classtype:trojan-activity;sid:83720653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857556)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.21.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857556/; classtype:trojan-activity;sid:83720656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857550)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.21.148.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857550/; classtype:trojan-activity;sid:83720650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857551)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857551/; classtype:trojan-activity;sid:83720651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857545)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857545/; classtype:trojan-activity;sid:83720645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857542)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857542/; classtype:trojan-activity;sid:83720642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857543)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857543/; classtype:trojan-activity;sid:83720643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857541)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857541/; classtype:trojan-activity;sid:83720641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857539)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857539/; classtype:trojan-activity;sid:83720639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857535)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857535/; classtype:trojan-activity;sid:83720635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857530)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.21.148.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857530/; classtype:trojan-activity;sid:83720630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857526)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857526/; classtype:trojan-activity;sid:83720626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857527)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857527/; classtype:trojan-activity;sid:83720627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857521)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.129.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857521/; classtype:trojan-activity;sid:83720621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857524/; classtype:trojan-activity;sid:83720624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857525)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857525/; classtype:trojan-activity;sid:83720625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857517)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.21.148.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857517/; classtype:trojan-activity;sid:83720617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857513)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857513/; classtype:trojan-activity;sid:83720613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857510)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857510/; classtype:trojan-activity;sid:83720610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857509)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857509/; classtype:trojan-activity;sid:83720609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857506)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"172.115.81.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857506/; classtype:trojan-activity;sid:83720606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857507)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857507/; classtype:trojan-activity;sid:83720607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857508)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.19.77.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857508/; classtype:trojan-activity;sid:83720608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857501)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857501/; classtype:trojan-activity;sid:83720601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857502)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857502/; classtype:trojan-activity;sid:83720602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857498)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857498/; classtype:trojan-activity;sid:83720598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857500)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857500/; classtype:trojan-activity;sid:83720600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857492)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.63.154.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857492/; classtype:trojan-activity;sid:83720592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857493)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857493/; classtype:trojan-activity;sid:83720593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857483)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857483/; classtype:trojan-activity;sid:83720583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857484)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857484/; classtype:trojan-activity;sid:83720584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857485)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.196.121.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857485/; classtype:trojan-activity;sid:83720585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857486/; classtype:trojan-activity;sid:83720586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857475)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857475/; classtype:trojan-activity;sid:83720575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857472)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857472/; classtype:trojan-activity;sid:83720572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857468)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.222.113.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857468/; classtype:trojan-activity;sid:83720568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857464)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857464/; classtype:trojan-activity;sid:83720564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857465)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857465/; classtype:trojan-activity;sid:83720565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857462)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"222.252.15.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857462/; classtype:trojan-activity;sid:83720562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857463)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857463/; classtype:trojan-activity;sid:83720563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857444)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857444/; classtype:trojan-activity;sid:83720544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857447)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857447/; classtype:trojan-activity;sid:83720547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857448)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857448/; classtype:trojan-activity;sid:83720548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857454)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857454/; classtype:trojan-activity;sid:83720554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857455)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857455/; classtype:trojan-activity;sid:83720555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857457)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857457/; classtype:trojan-activity;sid:83720557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857458)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.185.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857458/; classtype:trojan-activity;sid:83720558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857459)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.65.37.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857459/; classtype:trojan-activity;sid:83720559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857437)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.238.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857437/; classtype:trojan-activity;sid:83720537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857439)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857439/; classtype:trojan-activity;sid:83720539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857440)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"96.76.18.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857440/; classtype:trojan-activity;sid:83720540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857434)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857434/; classtype:trojan-activity;sid:83720534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857169)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857169/; classtype:trojan-activity;sid:83720269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2856551)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.223.60.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2856551/; classtype:trojan-activity;sid:83719651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854636)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig-6.18.0-linux-x64.tar.gz"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"46.231.32.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854636/; classtype:trojan-activity;sid:83717736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854622)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig0.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854622/; classtype:trojan-activity;sid:83717722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854623)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig0.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854623/; classtype:trojan-activity;sid:83717723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854611)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig-6.19.3-linux-x64.tar.gz"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"31.186.217.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854611/; classtype:trojan-activity;sid:83717711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2853223)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_17; reference:url, urlhaus.abuse.ch/url/2853223/; classtype:trojan-activity;sid:83716323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2852329)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/sabellarian.xtp"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_05_16; reference:url, urlhaus.abuse.ch/url/2852329/; classtype:trojan-activity;sid:83715429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2852325)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/pspyggxvupqvs252.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_05_16; reference:url, urlhaus.abuse.ch/url/2852325/; classtype:trojan-activity;sid:83715425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2850765)"; flow:established,from_client; content:"GET"; http_method; content:"/x103.log"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zffsg.oss-ap-northeast-2.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_05_15; reference:url, urlhaus.abuse.ch/url/2850765/; classtype:trojan-activity;sid:83713865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845989)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845989/; classtype:trojan-activity;sid:83709089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845988)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845988/; classtype:trojan-activity;sid:83709088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845981)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845981/; classtype:trojan-activity;sid:83709081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845969)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845969/; classtype:trojan-activity;sid:83709069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845952)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845952/; classtype:trojan-activity;sid:83709052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845958)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845958/; classtype:trojan-activity;sid:83709058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845932)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845932/; classtype:trojan-activity;sid:83709032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845931)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845931/; classtype:trojan-activity;sid:83709031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845350)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=8950d94f9949f870%213505|7c|26|7c|authkey=!afhuotcjydvf6pg"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845350/; classtype:trojan-activity;sid:83708450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842725/; classtype:trojan-activity;sid:83705825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.193.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842724/; classtype:trojan-activity;sid:83705824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842722)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.116.62.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842722/; classtype:trojan-activity;sid:83705822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842723)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842723/; classtype:trojan-activity;sid:83705823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842720)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.201.7.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842720/; classtype:trojan-activity;sid:83705820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842719)"; flow:established,from_client; content:"GET"; http_method; content:"//.i"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"90.176.171.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842719/; classtype:trojan-activity;sid:83705819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842662)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.5.152.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842662/; classtype:trojan-activity;sid:83705762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842665)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.169.235.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842665/; classtype:trojan-activity;sid:83705765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842655)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.92.29.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842655/; classtype:trojan-activity;sid:83705755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.35.49.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842650/; classtype:trojan-activity;sid:83705750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.235.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842417/; classtype:trojan-activity;sid:83705517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.28.38.135"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842413/; classtype:trojan-activity;sid:83705513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.35.49.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842402/; classtype:trojan-activity;sid:83705502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.92.29.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842405/; classtype:trojan-activity;sid:83705505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842081)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.205.81.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842081/; classtype:trojan-activity;sid:83705181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842070)"; flow:established,from_client; content:"GET"; http_method; content:"//.i"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.43.16.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842070/; classtype:trojan-activity;sid:83705170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842062)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842062/; classtype:trojan-activity;sid:83705162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842056)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.42.105.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842056/; classtype:trojan-activity;sid:83705156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842053)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.4.51.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842053/; classtype:trojan-activity;sid:83705153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842055)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.70.95.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842055/; classtype:trojan-activity;sid:83705155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842036)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842036/; classtype:trojan-activity;sid:83705136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842029)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.109.205.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842029/; classtype:trojan-activity;sid:83705129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842033)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842033/; classtype:trojan-activity;sid:83705133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842018)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.80.77.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842018/; classtype:trojan-activity;sid:83705118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842020)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.118.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842020/; classtype:trojan-activity;sid:83705120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842023)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.39.247.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842023/; classtype:trojan-activity;sid:83705123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842026)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.110.206.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842026/; classtype:trojan-activity;sid:83705126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842010)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842010/; classtype:trojan-activity;sid:83705110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842012)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.255.42.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842012/; classtype:trojan-activity;sid:83705112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842015)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842015/; classtype:trojan-activity;sid:83705115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842003)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.8.227.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842003/; classtype:trojan-activity;sid:83705103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842006/; classtype:trojan-activity;sid:83705106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842007)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842007/; classtype:trojan-activity;sid:83705107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841995)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841995/; classtype:trojan-activity;sid:83705095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841996)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.176.27.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841996/; classtype:trojan-activity;sid:83705096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841997)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.237.172.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841997/; classtype:trojan-activity;sid:83705097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841998)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.247.13.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841998/; classtype:trojan-activity;sid:83705098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841999)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"70.45.241.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841999/; classtype:trojan-activity;sid:83705099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841987)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841987/; classtype:trojan-activity;sid:83705087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841978)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.46.255.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841978/; classtype:trojan-activity;sid:83705078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841979)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.107.78.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841979/; classtype:trojan-activity;sid:83705079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841983)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"144.48.170.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841983/; classtype:trojan-activity;sid:83705083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841972)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.36.11.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841972/; classtype:trojan-activity;sid:83705072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841974/; classtype:trojan-activity;sid:83705074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841976/; classtype:trojan-activity;sid:83705076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841962)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.239.254.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841962/; classtype:trojan-activity;sid:83705062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841963)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.101.191.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841963/; classtype:trojan-activity;sid:83705063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841953)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.209.184.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841953/; classtype:trojan-activity;sid:83705053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841954)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.209.184.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841954/; classtype:trojan-activity;sid:83705054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841945)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.189.254.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841945/; classtype:trojan-activity;sid:83705045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841947)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.163.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841947/; classtype:trojan-activity;sid:83705047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841941)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841941/; classtype:trojan-activity;sid:83705041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841934)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.147.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841934/; classtype:trojan-activity;sid:83705034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841931)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.169.136.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841931/; classtype:trojan-activity;sid:83705031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841932/; classtype:trojan-activity;sid:83705032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841926)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.87.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841926/; classtype:trojan-activity;sid:83705026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841917)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.28.38.135"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841917/; classtype:trojan-activity;sid:83705017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841807)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptography_module_windows.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841807/; classtype:trojan-activity;sid:83704907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.110.206.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841726/; classtype:trojan-activity;sid:83704826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.169.136.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841716/; classtype:trojan-activity;sid:83704816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.247.13.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841715/; classtype:trojan-activity;sid:83704815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841712/; classtype:trojan-activity;sid:83704812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.211.112.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841707/; classtype:trojan-activity;sid:83704807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.237.172.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841709/; classtype:trojan-activity;sid:83704809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.46.255.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841697/; classtype:trojan-activity;sid:83704797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841705/; classtype:trojan-activity;sid:83704805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841688/; classtype:trojan-activity;sid:83704788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841683/; classtype:trojan-activity;sid:83704783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.255.42.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841686/; classtype:trojan-activity;sid:83704786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.101.191.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841679/; classtype:trojan-activity;sid:83704779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.36.11.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841676/; classtype:trojan-activity;sid:83704776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.87.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841673/; classtype:trojan-activity;sid:83704773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.239.254.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841666/; classtype:trojan-activity;sid:83704766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.39.247.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841667/; classtype:trojan-activity;sid:83704767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.80.77.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841656/; classtype:trojan-activity;sid:83704756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841650/; classtype:trojan-activity;sid:83704750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.4.51.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841636/; classtype:trojan-activity;sid:83704736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.79.48.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841639/; classtype:trojan-activity;sid:83704739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841644/; classtype:trojan-activity;sid:83704744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841631/; classtype:trojan-activity;sid:83704731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841621/; classtype:trojan-activity;sid:83704721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.209.184.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841624/; classtype:trojan-activity;sid:83704724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.189.254.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841617/; classtype:trojan-activity;sid:83704717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.42.105.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841619/; classtype:trojan-activity;sid:83704719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841613/; classtype:trojan-activity;sid:83704713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841604/; classtype:trojan-activity;sid:83704704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.118.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841606/; classtype:trojan-activity;sid:83704706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.209.184.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841608/; classtype:trojan-activity;sid:83704708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.205.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841609/; classtype:trojan-activity;sid:83704709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.70.95.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841598/; classtype:trojan-activity;sid:83704698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841602/; classtype:trojan-activity;sid:83704702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.8.227.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841587/; classtype:trojan-activity;sid:83704687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.45.241.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841591/; classtype:trojan-activity;sid:83704691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.170.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841594/; classtype:trojan-activity;sid:83704694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.107.78.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841582/; classtype:trojan-activity;sid:83704682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.176.27.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841584/; classtype:trojan-activity;sid:83704684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.163.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841575/; classtype:trojan-activity;sid:83704675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841576/; classtype:trojan-activity;sid:83704676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841573/; classtype:trojan-activity;sid:83704673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841570/; classtype:trojan-activity;sid:83704670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841312)"; flow:established,from_client; content:"GET"; http_method; content:"/aioc_5.0.0.63_it.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"912648.aioc.qbgxl.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841312/; classtype:trojan-activity;sid:83704412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840470)"; flow:established,from_client; content:"GET"; http_method; content:"/lidiyakamalova89/www/raw/main/ver.1.4.1.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840470/; classtype:trojan-activity;sid:83703570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2839963)"; flow:established,from_client; content:"GET"; http_method; content:"/aioc_5.0.0.63_it.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"139520.aioc.qbgxl.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2839963/; classtype:trojan-activity;sid:83703063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837116)"; flow:established,from_client; content:"GET"; http_method; content:"/ag_injector_latest.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dl.aginjector.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837116/; classtype:trojan-activity;sid:83700216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836854)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.146.202.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836854/; classtype:trojan-activity;sid:83699954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836844)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"195.211.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836844/; classtype:trojan-activity;sid:83699944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836794)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/bots_mips"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836794/; classtype:trojan-activity;sid:83699894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835124)"; flow:established,from_client; content:"GET"; http_method; content:"/static/tiktok/ready.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gawx.florenda.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835124/; classtype:trojan-activity;sid:83698224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835122)"; flow:established,from_client; content:"GET"; http_method; content:"/static/tiktok/ready.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gawx.florenda.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835122/; classtype:trojan-activity;sid:83698222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834467)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.249.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834467/; classtype:trojan-activity;sid:83697567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834442)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834442/; classtype:trojan-activity;sid:83697542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834400)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834400/; classtype:trojan-activity;sid:83697500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834387)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834387/; classtype:trojan-activity;sid:83697487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834372)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834372/; classtype:trojan-activity;sid:83697472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833916)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/main/cock.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833916/; classtype:trojan-activity;sid:83697016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833904)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/raw/main/cock.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833904/; classtype:trojan-activity;sid:83697004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833829)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/disbot"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833829/; classtype:trojan-activity;sid:83696929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833648)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm7"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833648/; classtype:trojan-activity;sid:83696748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833649)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm6"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833649/; classtype:trojan-activity;sid:83696749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833650)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/mips"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833650/; classtype:trojan-activity;sid:83696750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833651)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/x86_64"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833651/; classtype:trojan-activity;sid:83696751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833643)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm5"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833643/; classtype:trojan-activity;sid:83696743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833644)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/m68k"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833644/; classtype:trojan-activity;sid:83696744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833645)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/sh4"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833645/; classtype:trojan-activity;sid:83696745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833646)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/mpsl"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833646/; classtype:trojan-activity;sid:83696746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833647)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833647/; classtype:trojan-activity;sid:83696747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833642)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/x86_32"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833642/; classtype:trojan-activity;sid:83696742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833217)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/386"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833217/; classtype:trojan-activity;sid:83696317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833216)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/mips"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833216/; classtype:trojan-activity;sid:83696316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833213)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/mpsl"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833213/; classtype:trojan-activity;sid:83696313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832385)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=59261c7e41b6478a%21212|7c|26|7c|authkey=!agx6xu7a8tjfwjs"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832385/; classtype:trojan-activity;sid:83695485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832383)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=59261c7e41b6478a%21215|7c|26|7c|authkey=!ailxsvzlzbop3io"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832383/; classtype:trojan-activity;sid:83695483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830963)"; flow:established,from_client; content:"GET"; http_method; content:"/kampfkarren/roblox/files/15001743/roexec.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830963/; classtype:trojan-activity;sid:83694063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830955)"; flow:established,from_client; content:"GET"; http_method; content:"/delta-io/delta/files/15016110/delta.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830955/; classtype:trojan-activity;sid:83694055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828091)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/imtoken-intl-v2.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"154.23.240.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828091/; classtype:trojan-activity;sid:83691191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825975)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=b24528e77689f9ac%21162|7c|26|7c|authkey=!apfh4vxvdjek1qc"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825975/; classtype:trojan-activity;sid:83689075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825003)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=fdb0512de793b32e%21192|7c|26|7c|authkey=!aabmannkbvjdxgc"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825003/; classtype:trojan-activity;sid:83688103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825002)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/45.64.rar"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.167.2.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825002/; classtype:trojan-activity;sid:83688102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824999)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/45.64.json"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"121.167.2.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824999/; classtype:trojan-activity;sid:83688099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824981)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824981/; classtype:trojan-activity;sid:83688081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.79.48.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824688/; classtype:trojan-activity;sid:83687788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824078)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win64-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824078/; classtype:trojan-activity;sid:83687178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824079)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-osx-unsigned.dmg"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824079/; classtype:trojan-activity;sid:83687179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824077)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win32-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824077/; classtype:trojan-activity;sid:83687177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823150)"; flow:established,from_client; content:"GET"; http_method; content:"/y-steamworks.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.50.194.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823150/; classtype:trojan-activity;sid:83686250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822910)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.150.253.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822910/; classtype:trojan-activity;sid:83686010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822909)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822909/; classtype:trojan-activity;sid:83686009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822908)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822908/; classtype:trojan-activity;sid:83686008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822907)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822907/; classtype:trojan-activity;sid:83686007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822890)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.50.148.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822890/; classtype:trojan-activity;sid:83685990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822894)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.136.240.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822894/; classtype:trojan-activity;sid:83685994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822895)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822895/; classtype:trojan-activity;sid:83685995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822899)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.18.223.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822899/; classtype:trojan-activity;sid:83685999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822902)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.38.60.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822902/; classtype:trojan-activity;sid:83686002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822903)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.188.48.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822903/; classtype:trojan-activity;sid:83686003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822886)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.92.222.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822886/; classtype:trojan-activity;sid:83685986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822887)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.30.245.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822887/; classtype:trojan-activity;sid:83685987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822881)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.131.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822881/; classtype:trojan-activity;sid:83685981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822882)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822882/; classtype:trojan-activity;sid:83685982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822876)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.76.195.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822876/; classtype:trojan-activity;sid:83685976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822866)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.254.173.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822866/; classtype:trojan-activity;sid:83685966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822867)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.65.15.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822867/; classtype:trojan-activity;sid:83685967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822869)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.114.137.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822869/; classtype:trojan-activity;sid:83685969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822870)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.184.84.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822870/; classtype:trojan-activity;sid:83685970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822874)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.120.179.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822874/; classtype:trojan-activity;sid:83685974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822861)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.189.172.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822861/; classtype:trojan-activity;sid:83685961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822863)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822863/; classtype:trojan-activity;sid:83685963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822844)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.81.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822844/; classtype:trojan-activity;sid:83685944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822845)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.183.98.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822845/; classtype:trojan-activity;sid:83685945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822846)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.67.251.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822846/; classtype:trojan-activity;sid:83685946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822847)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822847/; classtype:trojan-activity;sid:83685947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822833)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.253.241.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822833/; classtype:trojan-activity;sid:83685933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822834)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822834/; classtype:trojan-activity;sid:83685934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822821)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.210.217.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822821/; classtype:trojan-activity;sid:83685921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822823)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822823/; classtype:trojan-activity;sid:83685923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822824)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.227.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822824/; classtype:trojan-activity;sid:83685924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822825)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822825/; classtype:trojan-activity;sid:83685925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822828)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822828/; classtype:trojan-activity;sid:83685928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822808)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.254.223.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822808/; classtype:trojan-activity;sid:83685908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822809)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822809/; classtype:trojan-activity;sid:83685909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822811/; classtype:trojan-activity;sid:83685911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822812)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.89.11.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822812/; classtype:trojan-activity;sid:83685912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822814)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.34.20.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822814/; classtype:trojan-activity;sid:83685914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822815)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.189.125.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822815/; classtype:trojan-activity;sid:83685915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822816)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.36.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822816/; classtype:trojan-activity;sid:83685916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822819)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822819/; classtype:trojan-activity;sid:83685919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822802)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.96.214.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822802/; classtype:trojan-activity;sid:83685902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822806)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822806/; classtype:trojan-activity;sid:83685906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822797)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822797/; classtype:trojan-activity;sid:83685897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822800)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822800/; classtype:trojan-activity;sid:83685900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822794)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822794/; classtype:trojan-activity;sid:83685894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822778)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.176.137.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822778/; classtype:trojan-activity;sid:83685878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822781)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.158.175.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822781/; classtype:trojan-activity;sid:83685881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822782)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822782/; classtype:trojan-activity;sid:83685882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822783)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.37.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822783/; classtype:trojan-activity;sid:83685883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822784)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.237.174.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822784/; classtype:trojan-activity;sid:83685884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822789)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.120.179.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822789/; classtype:trojan-activity;sid:83685889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822790)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.227.118.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822790/; classtype:trojan-activity;sid:83685890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822792)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822792/; classtype:trojan-activity;sid:83685892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822770)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.252.66.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822770/; classtype:trojan-activity;sid:83685870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.210.50.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822772/; classtype:trojan-activity;sid:83685872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822774)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822774/; classtype:trojan-activity;sid:83685874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822762)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.60.191.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822762/; classtype:trojan-activity;sid:83685862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822763)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822763/; classtype:trojan-activity;sid:83685863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822764)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.246.177.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822764/; classtype:trojan-activity;sid:83685864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822768)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822768/; classtype:trojan-activity;sid:83685868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822757)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.244.112.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822757/; classtype:trojan-activity;sid:83685857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822754)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822754/; classtype:trojan-activity;sid:83685854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822755/; classtype:trojan-activity;sid:83685855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822751)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822751/; classtype:trojan-activity;sid:83685851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822747)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822747/; classtype:trojan-activity;sid:83685847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822734)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822734/; classtype:trojan-activity;sid:83685834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822735)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822735/; classtype:trojan-activity;sid:83685835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822736)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.63.242.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822736/; classtype:trojan-activity;sid:83685836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822737)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.242.106.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822737/; classtype:trojan-activity;sid:83685837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822740)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822740/; classtype:trojan-activity;sid:83685840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822743)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.7.153.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822743/; classtype:trojan-activity;sid:83685843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822744)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822744/; classtype:trojan-activity;sid:83685844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822727)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"138.19.251.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822727/; classtype:trojan-activity;sid:83685827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822733)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.70.242.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822733/; classtype:trojan-activity;sid:83685833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822718)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.205.90.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822718/; classtype:trojan-activity;sid:83685818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822721)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822721/; classtype:trojan-activity;sid:83685821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822724/; classtype:trojan-activity;sid:83685824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822711)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822711/; classtype:trojan-activity;sid:83685811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822706)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822706/; classtype:trojan-activity;sid:83685806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822707)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.57.121.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822707/; classtype:trojan-activity;sid:83685807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822695)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822695/; classtype:trojan-activity;sid:83685795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822697)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.71.191.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822697/; classtype:trojan-activity;sid:83685797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822699)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.236.114.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822699/; classtype:trojan-activity;sid:83685799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822704)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.171.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822704/; classtype:trojan-activity;sid:83685804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822705)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.52.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822705/; classtype:trojan-activity;sid:83685805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822684)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.182.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822684/; classtype:trojan-activity;sid:83685784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822685)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.191.16.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822685/; classtype:trojan-activity;sid:83685785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.224.100.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822688/; classtype:trojan-activity;sid:83685788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822689)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.43.201.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822689/; classtype:trojan-activity;sid:83685789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822691)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822691/; classtype:trojan-activity;sid:83685791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822677)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.76.195.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822677/; classtype:trojan-activity;sid:83685777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822678)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.212.109.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822678/; classtype:trojan-activity;sid:83685778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822681)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.196.120.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822681/; classtype:trojan-activity;sid:83685781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822674)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822674/; classtype:trojan-activity;sid:83685774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822671)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822671/; classtype:trojan-activity;sid:83685771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822670)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.78.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822670/; classtype:trojan-activity;sid:83685770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822667)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"191.103.217.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822667/; classtype:trojan-activity;sid:83685767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822646)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822646/; classtype:trojan-activity;sid:83685746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822650/; classtype:trojan-activity;sid:83685750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822651)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"65.132.139.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822651/; classtype:trojan-activity;sid:83685751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822653)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.120.98.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822653/; classtype:trojan-activity;sid:83685753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822655)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822655/; classtype:trojan-activity;sid:83685755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822658)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.218.50.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822658/; classtype:trojan-activity;sid:83685758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822637)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"189.204.177.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822637/; classtype:trojan-activity;sid:83685737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822638)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.183.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822638/; classtype:trojan-activity;sid:83685738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822639)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.86.123.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822639/; classtype:trojan-activity;sid:83685739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822633)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.78.118.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822633/; classtype:trojan-activity;sid:83685733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822634)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822634/; classtype:trojan-activity;sid:83685734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822619)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822619/; classtype:trojan-activity;sid:83685719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822620)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822620/; classtype:trojan-activity;sid:83685720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822601)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822601/; classtype:trojan-activity;sid:83685701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822603)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.113.141.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822603/; classtype:trojan-activity;sid:83685703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822609)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.159.0.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822609/; classtype:trojan-activity;sid:83685709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822612)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822612/; classtype:trojan-activity;sid:83685712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822616)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822616/; classtype:trojan-activity;sid:83685716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822617)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.188.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822617/; classtype:trojan-activity;sid:83685717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822590)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822590/; classtype:trojan-activity;sid:83685690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822592)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822592/; classtype:trojan-activity;sid:83685692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822575)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.4.222.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822575/; classtype:trojan-activity;sid:83685675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822578)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.175.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822578/; classtype:trojan-activity;sid:83685678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822580)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.43.59.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822580/; classtype:trojan-activity;sid:83685680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822581)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.171.80.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822581/; classtype:trojan-activity;sid:83685681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822583)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822583/; classtype:trojan-activity;sid:83685683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822585)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.199.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822585/; classtype:trojan-activity;sid:83685685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822586)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"144.48.169.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822586/; classtype:trojan-activity;sid:83685686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822587)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.179.41.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822587/; classtype:trojan-activity;sid:83685687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822566)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.104.195.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822566/; classtype:trojan-activity;sid:83685666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822567)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822567/; classtype:trojan-activity;sid:83685667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.150.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822568/; classtype:trojan-activity;sid:83685668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822570)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.5.19.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822570/; classtype:trojan-activity;sid:83685670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822572)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.115.174.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822572/; classtype:trojan-activity;sid:83685672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822573)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.128.231.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822573/; classtype:trojan-activity;sid:83685673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822557)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822557/; classtype:trojan-activity;sid:83685657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822559)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.9.192.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822559/; classtype:trojan-activity;sid:83685659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822564)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822564/; classtype:trojan-activity;sid:83685664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822553)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822553/; classtype:trojan-activity;sid:83685653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822547)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.73.70.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822547/; classtype:trojan-activity;sid:83685647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822549)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822549/; classtype:trojan-activity;sid:83685649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822544)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822544/; classtype:trojan-activity;sid:83685644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822545)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.255.17.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822545/; classtype:trojan-activity;sid:83685645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822546)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.219.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822546/; classtype:trojan-activity;sid:83685646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822537)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822537/; classtype:trojan-activity;sid:83685637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822542)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.190.109.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822542/; classtype:trojan-activity;sid:83685642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822543)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822543/; classtype:trojan-activity;sid:83685643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822523)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.167.25.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822523/; classtype:trojan-activity;sid:83685623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822524)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.136.195.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822524/; classtype:trojan-activity;sid:83685624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822525)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.232.241.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822525/; classtype:trojan-activity;sid:83685625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822526)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.182.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822526/; classtype:trojan-activity;sid:83685626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822530)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.64.96.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822530/; classtype:trojan-activity;sid:83685630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822533)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.120.241.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822533/; classtype:trojan-activity;sid:83685633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822518)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822518/; classtype:trojan-activity;sid:83685618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822522)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822522/; classtype:trojan-activity;sid:83685622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822512)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822512/; classtype:trojan-activity;sid:83685612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822514)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822514/; classtype:trojan-activity;sid:83685614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822515)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.248.145.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822515/; classtype:trojan-activity;sid:83685615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822517)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.66.105.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822517/; classtype:trojan-activity;sid:83685617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822507)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.141.122.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822507/; classtype:trojan-activity;sid:83685607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822501)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.189.188.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822501/; classtype:trojan-activity;sid:83685601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822505)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.219.119.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822505/; classtype:trojan-activity;sid:83685605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822495)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822495/; classtype:trojan-activity;sid:83685595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822496)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.33.114.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822496/; classtype:trojan-activity;sid:83685596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822494)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.253.154.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822494/; classtype:trojan-activity;sid:83685594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822490)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.211.153.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822490/; classtype:trojan-activity;sid:83685590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822487)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.124.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822487/; classtype:trojan-activity;sid:83685587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822488)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822488/; classtype:trojan-activity;sid:83685588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822478)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822478/; classtype:trojan-activity;sid:83685578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822481)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.224.243.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822481/; classtype:trojan-activity;sid:83685581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822482)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822482/; classtype:trojan-activity;sid:83685582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822484)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.99.230.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822484/; classtype:trojan-activity;sid:83685584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822485)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.134.42.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822485/; classtype:trojan-activity;sid:83685585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822467)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.186.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822467/; classtype:trojan-activity;sid:83685567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822468)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822468/; classtype:trojan-activity;sid:83685568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822471)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822471/; classtype:trojan-activity;sid:83685571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822474)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.4.110.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822474/; classtype:trojan-activity;sid:83685574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822475)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822475/; classtype:trojan-activity;sid:83685575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822477)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822477/; classtype:trojan-activity;sid:83685577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822460)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822460/; classtype:trojan-activity;sid:83685560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822462)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822462/; classtype:trojan-activity;sid:83685562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822455)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.130.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822455/; classtype:trojan-activity;sid:83685555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822451)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.214.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822451/; classtype:trojan-activity;sid:83685551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822436)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.182.214.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822436/; classtype:trojan-activity;sid:83685536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822439)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.114.109.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822439/; classtype:trojan-activity;sid:83685539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822441)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.207.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822441/; classtype:trojan-activity;sid:83685541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822442)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.83.248.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822442/; classtype:trojan-activity;sid:83685542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822443)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822443/; classtype:trojan-activity;sid:83685543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822446)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.230.159.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822446/; classtype:trojan-activity;sid:83685546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822426)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.134.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822426/; classtype:trojan-activity;sid:83685526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822430)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.112.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822430/; classtype:trojan-activity;sid:83685530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822432)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.71.69.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822432/; classtype:trojan-activity;sid:83685532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822416)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822416/; classtype:trojan-activity;sid:83685516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822417)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822417/; classtype:trojan-activity;sid:83685517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822418)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.98.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822418/; classtype:trojan-activity;sid:83685518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822421)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.43.34.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822421/; classtype:trojan-activity;sid:83685521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822411)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.111.14.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822411/; classtype:trojan-activity;sid:83685511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822414)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.7.158.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822414/; classtype:trojan-activity;sid:83685514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822415)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.118.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822415/; classtype:trojan-activity;sid:83685515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822409)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.140.176.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822409/; classtype:trojan-activity;sid:83685509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822406)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.10.211.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822406/; classtype:trojan-activity;sid:83685506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822407)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822407/; classtype:trojan-activity;sid:83685507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822398)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.77.128.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822398/; classtype:trojan-activity;sid:83685498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822399)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"216.155.93.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822399/; classtype:trojan-activity;sid:83685499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822401)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.189.222.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822401/; classtype:trojan-activity;sid:83685501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822405)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822405/; classtype:trojan-activity;sid:83685505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822388)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.69.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822388/; classtype:trojan-activity;sid:83685488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822389)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822389/; classtype:trojan-activity;sid:83685489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822393)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.122.28.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822393/; classtype:trojan-activity;sid:83685493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822394)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.89.178.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822394/; classtype:trojan-activity;sid:83685494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822395)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822395/; classtype:trojan-activity;sid:83685495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822396)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822396/; classtype:trojan-activity;sid:83685496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822377)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822377/; classtype:trojan-activity;sid:83685477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822378)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.181.34.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822378/; classtype:trojan-activity;sid:83685478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822382)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.217.148.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822382/; classtype:trojan-activity;sid:83685482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822384)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822384/; classtype:trojan-activity;sid:83685484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822385)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822385/; classtype:trojan-activity;sid:83685485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822371)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822371/; classtype:trojan-activity;sid:83685471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822372)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822372/; classtype:trojan-activity;sid:83685472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822376)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.147.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822376/; classtype:trojan-activity;sid:83685476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822358)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.190.76.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822358/; classtype:trojan-activity;sid:83685458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822361)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"66.198.199.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822361/; classtype:trojan-activity;sid:83685461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822362)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822362/; classtype:trojan-activity;sid:83685462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822363)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.176.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822363/; classtype:trojan-activity;sid:83685463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822364)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.211.197.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822364/; classtype:trojan-activity;sid:83685464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822353)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822353/; classtype:trojan-activity;sid:83685453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822354)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.99.218.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822354/; classtype:trojan-activity;sid:83685454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822355)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822355/; classtype:trojan-activity;sid:83685455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822345)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.200.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822345/; classtype:trojan-activity;sid:83685445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822337)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.68.95.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822337/; classtype:trojan-activity;sid:83685437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822342)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.111.116.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822342/; classtype:trojan-activity;sid:83685442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.29.162.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822332/; classtype:trojan-activity;sid:83685432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822334)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822334/; classtype:trojan-activity;sid:83685434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822335)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.123.142.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822335/; classtype:trojan-activity;sid:83685435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822325)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822325/; classtype:trojan-activity;sid:83685425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822320)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"108.162.187.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822320/; classtype:trojan-activity;sid:83685420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822321)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822321/; classtype:trojan-activity;sid:83685421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822316)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.73.242.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822316/; classtype:trojan-activity;sid:83685416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822304)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.28.11.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822304/; classtype:trojan-activity;sid:83685404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822308)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822308/; classtype:trojan-activity;sid:83685408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822299)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822299/; classtype:trojan-activity;sid:83685399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822300)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.52.48.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822300/; classtype:trojan-activity;sid:83685400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822302)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822302/; classtype:trojan-activity;sid:83685402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822288)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.29.19.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822288/; classtype:trojan-activity;sid:83685388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822291)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.239.120.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822291/; classtype:trojan-activity;sid:83685391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822294)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822294/; classtype:trojan-activity;sid:83685394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822295)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.0.131.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822295/; classtype:trojan-activity;sid:83685395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822284)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"173.235.65.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822284/; classtype:trojan-activity;sid:83685384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822286)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822286/; classtype:trojan-activity;sid:83685386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822287/; classtype:trojan-activity;sid:83685387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822274)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.43.16.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822274/; classtype:trojan-activity;sid:83685374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822275)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822275/; classtype:trojan-activity;sid:83685375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822272)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.120.28.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822272/; classtype:trojan-activity;sid:83685372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822267)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"120.31.135.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822267/; classtype:trojan-activity;sid:83685367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822268)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822268/; classtype:trojan-activity;sid:83685368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.172.170.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822262/; classtype:trojan-activity;sid:83685362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822263)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.228.64.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822263/; classtype:trojan-activity;sid:83685363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822265)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.199.144.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822265/; classtype:trojan-activity;sid:83685365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822255/; classtype:trojan-activity;sid:83685355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822258)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.237.174.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822258/; classtype:trojan-activity;sid:83685358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822259)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822259/; classtype:trojan-activity;sid:83685359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822250)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822250/; classtype:trojan-activity;sid:83685350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822253)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.83.245.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822253/; classtype:trojan-activity;sid:83685353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822240)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822240/; classtype:trojan-activity;sid:83685340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822242)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.218.172.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822242/; classtype:trojan-activity;sid:83685342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822236)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.24.131.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822236/; classtype:trojan-activity;sid:83685336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822234)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.118.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822234/; classtype:trojan-activity;sid:83685334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822225)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.246.214.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822225/; classtype:trojan-activity;sid:83685325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822227)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822227/; classtype:trojan-activity;sid:83685327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822228)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.17.248.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822228/; classtype:trojan-activity;sid:83685328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"208.89.168.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822229/; classtype:trojan-activity;sid:83685329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822230)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.254.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822230/; classtype:trojan-activity;sid:83685330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822219)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.153.22.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822219/; classtype:trojan-activity;sid:83685319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822221)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.165.192.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822221/; classtype:trojan-activity;sid:83685321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822211)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.93.83.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822211/; classtype:trojan-activity;sid:83685311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822212)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.17.61.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822212/; classtype:trojan-activity;sid:83685312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822214)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.217.148.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822214/; classtype:trojan-activity;sid:83685314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822204)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.157.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822204/; classtype:trojan-activity;sid:83685304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822205)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.188.254.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822205/; classtype:trojan-activity;sid:83685305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822207)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822207/; classtype:trojan-activity;sid:83685307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822208)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.183.186.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822208/; classtype:trojan-activity;sid:83685308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822196)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.40.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822196/; classtype:trojan-activity;sid:83685296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822197)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822197/; classtype:trojan-activity;sid:83685297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822198)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.163.57.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822198/; classtype:trojan-activity;sid:83685298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822200)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.211.154.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822200/; classtype:trojan-activity;sid:83685300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822194)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.254.192.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822194/; classtype:trojan-activity;sid:83685294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822192)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822192/; classtype:trojan-activity;sid:83685292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822187)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.211.169.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822187/; classtype:trojan-activity;sid:83685287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822189)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822189/; classtype:trojan-activity;sid:83685289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822190)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822190/; classtype:trojan-activity;sid:83685290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822182)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822182/; classtype:trojan-activity;sid:83685282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822184)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.187.151.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822184/; classtype:trojan-activity;sid:83685284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822173)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822173/; classtype:trojan-activity;sid:83685273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822177)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"61.9.53.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822177/; classtype:trojan-activity;sid:83685277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822178/; classtype:trojan-activity;sid:83685278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822181)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822181/; classtype:trojan-activity;sid:83685281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822160)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.4.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822160/; classtype:trojan-activity;sid:83685260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.62.233.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822162/; classtype:trojan-activity;sid:83685262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822165/; classtype:trojan-activity;sid:83685265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822167)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822167/; classtype:trojan-activity;sid:83685267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822168)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822168/; classtype:trojan-activity;sid:83685268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822157)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.222.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822157/; classtype:trojan-activity;sid:83685257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822153)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822153/; classtype:trojan-activity;sid:83685253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822155)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822155/; classtype:trojan-activity;sid:83685255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822149)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.129.2.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822149/; classtype:trojan-activity;sid:83685249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822151)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.218.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822151/; classtype:trojan-activity;sid:83685251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822142/; classtype:trojan-activity;sid:83685242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822144)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.0.4.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822144/; classtype:trojan-activity;sid:83685244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822138)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.191.123.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822138/; classtype:trojan-activity;sid:83685238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822130)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.21.132.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822130/; classtype:trojan-activity;sid:83685230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822131)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.141.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822131/; classtype:trojan-activity;sid:83685231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822132)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822132/; classtype:trojan-activity;sid:83685232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822133)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.154.84.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822133/; classtype:trojan-activity;sid:83685233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822134)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.89.240.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822134/; classtype:trojan-activity;sid:83685234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822137)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.174.152.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822137/; classtype:trojan-activity;sid:83685237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822125)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.17.23.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822125/; classtype:trojan-activity;sid:83685225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822127)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.200.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822127/; classtype:trojan-activity;sid:83685227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822116)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.115.254.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822116/; classtype:trojan-activity;sid:83685216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822117)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.7.20.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822117/; classtype:trojan-activity;sid:83685217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822121/; classtype:trojan-activity;sid:83685221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822123)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822123/; classtype:trojan-activity;sid:83685223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822109)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.234.253.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822109/; classtype:trojan-activity;sid:83685209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822114)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.101.187.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822114/; classtype:trojan-activity;sid:83685214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822100)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.147.93.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822100/; classtype:trojan-activity;sid:83685200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822101)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.65.35.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822101/; classtype:trojan-activity;sid:83685201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822102)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822102/; classtype:trojan-activity;sid:83685202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822107)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822107/; classtype:trojan-activity;sid:83685207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822094)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.158.238.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822094/; classtype:trojan-activity;sid:83685194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822084)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.20.51.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822084/; classtype:trojan-activity;sid:83685184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822086)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.118.45.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822086/; classtype:trojan-activity;sid:83685186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822088)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.122.210.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822088/; classtype:trojan-activity;sid:83685188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822091)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.62.179.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822091/; classtype:trojan-activity;sid:83685191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822092)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.70.204.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822092/; classtype:trojan-activity;sid:83685192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822073)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.121.161.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822073/; classtype:trojan-activity;sid:83685173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822076)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.115.254.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822076/; classtype:trojan-activity;sid:83685176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822077)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822077/; classtype:trojan-activity;sid:83685177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822080)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.199.144.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822080/; classtype:trojan-activity;sid:83685180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822065)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.29.147.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822065/; classtype:trojan-activity;sid:83685165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822066)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.173.163.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822066/; classtype:trojan-activity;sid:83685166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822067)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.203.218.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822067/; classtype:trojan-activity;sid:83685167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822072)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822072/; classtype:trojan-activity;sid:83685172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822063)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.221.254.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822063/; classtype:trojan-activity;sid:83685163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822064)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822064/; classtype:trojan-activity;sid:83685164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822058)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822058/; classtype:trojan-activity;sid:83685158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822054)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822054/; classtype:trojan-activity;sid:83685154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822048)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.73.121.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822048/; classtype:trojan-activity;sid:83685148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822052)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822052/; classtype:trojan-activity;sid:83685152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822042)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822042/; classtype:trojan-activity;sid:83685142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822044)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822044/; classtype:trojan-activity;sid:83685144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822047)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.29.249.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822047/; classtype:trojan-activity;sid:83685147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822031)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.120.179.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822031/; classtype:trojan-activity;sid:83685131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822035)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.208.145.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822035/; classtype:trojan-activity;sid:83685135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822040)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.114.97.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822040/; classtype:trojan-activity;sid:83685140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822020)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.98.13.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822020/; classtype:trojan-activity;sid:83685120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822023)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.84.143.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822023/; classtype:trojan-activity;sid:83685123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822024)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.4.147.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822024/; classtype:trojan-activity;sid:83685124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822025)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822025/; classtype:trojan-activity;sid:83685125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822027)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.100.241.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822027/; classtype:trojan-activity;sid:83685127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822018)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.192.78.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822018/; classtype:trojan-activity;sid:83685118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822013)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"69.70.215.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822013/; classtype:trojan-activity;sid:83685113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822014)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822014/; classtype:trojan-activity;sid:83685114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822011)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.237.157.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822011/; classtype:trojan-activity;sid:83685111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822007)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.122.211.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822007/; classtype:trojan-activity;sid:83685107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822008)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.205.131.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822008/; classtype:trojan-activity;sid:83685108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821996)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821996/; classtype:trojan-activity;sid:83685096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822003)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.38.171.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822003/; classtype:trojan-activity;sid:83685103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822004)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822004/; classtype:trojan-activity;sid:83685104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822006/; classtype:trojan-activity;sid:83685106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821981)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821981/; classtype:trojan-activity;sid:83685081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821983)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.242.106.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821983/; classtype:trojan-activity;sid:83685083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821976/; classtype:trojan-activity;sid:83685076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821977)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821977/; classtype:trojan-activity;sid:83685077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821979)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.94.100.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821979/; classtype:trojan-activity;sid:83685079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821980)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821980/; classtype:trojan-activity;sid:83685080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821966)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.189.218.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821966/; classtype:trojan-activity;sid:83685066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821970)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821970/; classtype:trojan-activity;sid:83685070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821961)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821961/; classtype:trojan-activity;sid:83685061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821958)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.254.23.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821958/; classtype:trojan-activity;sid:83685058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821959)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821959/; classtype:trojan-activity;sid:83685059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821960)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821960/; classtype:trojan-activity;sid:83685060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821957)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.0.69.42"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821957/; classtype:trojan-activity;sid:83685057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821952)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821952/; classtype:trojan-activity;sid:83685052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821953)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.231.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821953/; classtype:trojan-activity;sid:83685053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821955)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.66.125.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821955/; classtype:trojan-activity;sid:83685055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821941)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.56.164.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821941/; classtype:trojan-activity;sid:83685041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821942)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821942/; classtype:trojan-activity;sid:83685042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821944)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.177.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821944/; classtype:trojan-activity;sid:83685044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821945)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"191.103.250.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821945/; classtype:trojan-activity;sid:83685045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821949)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821949/; classtype:trojan-activity;sid:83685049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821928)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821928/; classtype:trojan-activity;sid:83685028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821930)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.16.143.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821930/; classtype:trojan-activity;sid:83685030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821931)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.2.23.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821931/; classtype:trojan-activity;sid:83685031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821934)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821934/; classtype:trojan-activity;sid:83685034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821935)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821935/; classtype:trojan-activity;sid:83685035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821939)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821939/; classtype:trojan-activity;sid:83685039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821924)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.55.98.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821924/; classtype:trojan-activity;sid:83685024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821925)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.111.119.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821925/; classtype:trojan-activity;sid:83685025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821926)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"210.4.69.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821926/; classtype:trojan-activity;sid:83685026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821917)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.195.191.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821917/; classtype:trojan-activity;sid:83685017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821914)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.101.187.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821914/; classtype:trojan-activity;sid:83685014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821915)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821915/; classtype:trojan-activity;sid:83685015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.4.222.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821863/; classtype:trojan-activity;sid:83684963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.189.188.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821857/; classtype:trojan-activity;sid:83684957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.10.211.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821858/; classtype:trojan-activity;sid:83684958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.29.162.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821861/; classtype:trojan-activity;sid:83684961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821854/; classtype:trojan-activity;sid:83684954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.114.137.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821850/; classtype:trojan-activity;sid:83684950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.182.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821851/; classtype:trojan-activity;sid:83684951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.211.153.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821839/; classtype:trojan-activity;sid:83684939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.59.90.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821840/; classtype:trojan-activity;sid:83684940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.191.16.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821845/; classtype:trojan-activity;sid:83684945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.183.186.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821834/; classtype:trojan-activity;sid:83684934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821836/; classtype:trojan-activity;sid:83684936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821838/; classtype:trojan-activity;sid:83684938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.95.254.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821828/; classtype:trojan-activity;sid:83684928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.19.183.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821831/; classtype:trojan-activity;sid:83684931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.120.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821825/; classtype:trojan-activity;sid:83684925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.190.57.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821826/; classtype:trojan-activity;sid:83684926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.0.131.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821818/; classtype:trojan-activity;sid:83684918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.218.50.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821819/; classtype:trojan-activity;sid:83684919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.195.191.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821821/; classtype:trojan-activity;sid:83684921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.37.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821823/; classtype:trojan-activity;sid:83684923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.129.2.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821811/; classtype:trojan-activity;sid:83684911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.9.53.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821805/; classtype:trojan-activity;sid:83684905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821806/; classtype:trojan-activity;sid:83684906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821801/; classtype:trojan-activity;sid:83684901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821802/; classtype:trojan-activity;sid:83684902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821804/; classtype:trojan-activity;sid:83684904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.147.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821793/; classtype:trojan-activity;sid:83684893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.149.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821794/; classtype:trojan-activity;sid:83684894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.122.28.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821795/; classtype:trojan-activity;sid:83684895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.7.158.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821787/; classtype:trojan-activity;sid:83684887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.20.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821789/; classtype:trojan-activity;sid:83684889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821790/; classtype:trojan-activity;sid:83684890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.66.125.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821782/; classtype:trojan-activity;sid:83684882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.149.127.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821783/; classtype:trojan-activity;sid:83684883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.175.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821776/; classtype:trojan-activity;sid:83684876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.55.98.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821777/; classtype:trojan-activity;sid:83684877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821772/; classtype:trojan-activity;sid:83684872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.124.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821769/; classtype:trojan-activity;sid:83684869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.34.20.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821770/; classtype:trojan-activity;sid:83684870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821765/; classtype:trojan-activity;sid:83684865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821764/; classtype:trojan-activity;sid:83684864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.96.214.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821759/; classtype:trojan-activity;sid:83684859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821760/; classtype:trojan-activity;sid:83684860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821762/; classtype:trojan-activity;sid:83684862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.235.65.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821753/; classtype:trojan-activity;sid:83684853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821754/; classtype:trojan-activity;sid:83684854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821755/; classtype:trojan-activity;sid:83684855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.103.217.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821757/; classtype:trojan-activity;sid:83684857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.2.23.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821747/; classtype:trojan-activity;sid:83684847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.239.120.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821749/; classtype:trojan-activity;sid:83684849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821751/; classtype:trojan-activity;sid:83684851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821740/; classtype:trojan-activity;sid:83684840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.181.34.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821741/; classtype:trojan-activity;sid:83684841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.205.131.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821743/; classtype:trojan-activity;sid:83684843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.104.195.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821745/; classtype:trojan-activity;sid:83684845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821735/; classtype:trojan-activity;sid:83684835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821737/; classtype:trojan-activity;sid:83684837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.150.253.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821738/; classtype:trojan-activity;sid:83684838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821729/; classtype:trojan-activity;sid:83684829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821732/; classtype:trojan-activity;sid:83684832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.59.133.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821734/; classtype:trojan-activity;sid:83684834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.19.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821722/; classtype:trojan-activity;sid:83684822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.178.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821714/; classtype:trojan-activity;sid:83684814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.254.23.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821716/; classtype:trojan-activity;sid:83684816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821706/; classtype:trojan-activity;sid:83684806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821710/; classtype:trojan-activity;sid:83684810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821711/; classtype:trojan-activity;sid:83684811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.246.177.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821690/; classtype:trojan-activity;sid:83684790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.159.0.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821692/; classtype:trojan-activity;sid:83684792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821693/; classtype:trojan-activity;sid:83684793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821699/; classtype:trojan-activity;sid:83684799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.224.243.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821700/; classtype:trojan-activity;sid:83684800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.63.242.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821679/; classtype:trojan-activity;sid:83684779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.195.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821681/; classtype:trojan-activity;sid:83684781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.86.123.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821685/; classtype:trojan-activity;sid:83684785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821687/; classtype:trojan-activity;sid:83684787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.158.238.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821688/; classtype:trojan-activity;sid:83684788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821689/; classtype:trojan-activity;sid:83684789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821676/; classtype:trojan-activity;sid:83684776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821677/; classtype:trojan-activity;sid:83684777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.190.109.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821678/; classtype:trojan-activity;sid:83684778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.129.147.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821673/; classtype:trojan-activity;sid:83684773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.22.237.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821669/; classtype:trojan-activity;sid:83684769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821670/; classtype:trojan-activity;sid:83684770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.211.169.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821665/; classtype:trojan-activity;sid:83684765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821660/; classtype:trojan-activity;sid:83684760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.242.106.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821656/; classtype:trojan-activity;sid:83684756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821657/; classtype:trojan-activity;sid:83684757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821659/; classtype:trojan-activity;sid:83684759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.99.230.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821653/; classtype:trojan-activity;sid:83684753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.248.145.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821654/; classtype:trojan-activity;sid:83684754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821646/; classtype:trojan-activity;sid:83684746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821639/; classtype:trojan-activity;sid:83684739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.205.125.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821643/; classtype:trojan-activity;sid:83684743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821629/; classtype:trojan-activity;sid:83684729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821633/; classtype:trojan-activity;sid:83684733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.65.35.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821634/; classtype:trojan-activity;sid:83684734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.158.95.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821636/; classtype:trojan-activity;sid:83684736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821619/; classtype:trojan-activity;sid:83684719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821622/; classtype:trojan-activity;sid:83684722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821625/; classtype:trojan-activity;sid:83684725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821616/; classtype:trojan-activity;sid:83684716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821617/; classtype:trojan-activity;sid:83684717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.128.231.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821618/; classtype:trojan-activity;sid:83684718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.16.143.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821611/; classtype:trojan-activity;sid:83684711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.211.154.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821609/; classtype:trojan-activity;sid:83684709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821597/; classtype:trojan-activity;sid:83684697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.68.95.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821599/; classtype:trojan-activity;sid:83684699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.134.42.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821595/; classtype:trojan-activity;sid:83684695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820658/; classtype:trojan-activity;sid:83683758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.200.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818999/; classtype:trojan-activity;sid:83682099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.224.100.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818993/; classtype:trojan-activity;sid:83682093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818988/; classtype:trojan-activity;sid:83682088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818986/; classtype:trojan-activity;sid:83682086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.30.245.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818987/; classtype:trojan-activity;sid:83682087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818981/; classtype:trojan-activity;sid:83682081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818983/; classtype:trojan-activity;sid:83682083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.254.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818984/; classtype:trojan-activity;sid:83682084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818974/; classtype:trojan-activity;sid:83682074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818975/; classtype:trojan-activity;sid:83682075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.242.106.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818977/; classtype:trojan-activity;sid:83682077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.43.16.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818978/; classtype:trojan-activity;sid:83682078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818963/; classtype:trojan-activity;sid:83682063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818953/; classtype:trojan-activity;sid:83682053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.69.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818946/; classtype:trojan-activity;sid:83682046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.167.25.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818948/; classtype:trojan-activity;sid:83682048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.182.214.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818943/; classtype:trojan-activity;sid:83682043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.137.36.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818930/; classtype:trojan-activity;sid:83682030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818931/; classtype:trojan-activity;sid:83682031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.113.141.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818932/; classtype:trojan-activity;sid:83682032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818939/; classtype:trojan-activity;sid:83682039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.135.142.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818940/; classtype:trojan-activity;sid:83682040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.21.132.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818922/; classtype:trojan-activity;sid:83682022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.50.148.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818926/; classtype:trojan-activity;sid:83682026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818915/; classtype:trojan-activity;sid:83682015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818917/; classtype:trojan-activity;sid:83682017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818920/; classtype:trojan-activity;sid:83682020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.78.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818911/; classtype:trojan-activity;sid:83682011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818905/; classtype:trojan-activity;sid:83682005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.254.192.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818906/; classtype:trojan-activity;sid:83682006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.70.242.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818907/; classtype:trojan-activity;sid:83682007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818899/; classtype:trojan-activity;sid:83681999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818884/; classtype:trojan-activity;sid:83681984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.193.21.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818887/; classtype:trojan-activity;sid:83681987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.0.69.42"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818889/; classtype:trojan-activity;sid:83681989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818881/; classtype:trojan-activity;sid:83681981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.120.28.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818878/; classtype:trojan-activity;sid:83681978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.255.17.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818872/; classtype:trojan-activity;sid:83681972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818874/; classtype:trojan-activity;sid:83681974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.94.9.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818867/; classtype:trojan-activity;sid:83681967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.111.14.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818868/; classtype:trojan-activity;sid:83681968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.222.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818870/; classtype:trojan-activity;sid:83681970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818865/; classtype:trojan-activity;sid:83681965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818866/; classtype:trojan-activity;sid:83681966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.100.63.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818857/; classtype:trojan-activity;sid:83681957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818852/; classtype:trojan-activity;sid:83681952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.122.210.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818845/; classtype:trojan-activity;sid:83681945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.101.187.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818847/; classtype:trojan-activity;sid:83681947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818838/; classtype:trojan-activity;sid:83681938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.210.35.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818840/; classtype:trojan-activity;sid:83681940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818843/; classtype:trojan-activity;sid:83681943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.77.128.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818830/; classtype:trojan-activity;sid:83681930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.176.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818832/; classtype:trojan-activity;sid:83681932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.25.133.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818829/; classtype:trojan-activity;sid:83681929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.102.177.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818823/; classtype:trojan-activity;sid:83681923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818826/; classtype:trojan-activity;sid:83681926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.86.199.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818814/; classtype:trojan-activity;sid:83681914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.60.191.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818821/; classtype:trojan-activity;sid:83681921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818798/; classtype:trojan-activity;sid:83681898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.40.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818800/; classtype:trojan-activity;sid:83681900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.62.233.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818804/; classtype:trojan-activity;sid:83681904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.153.20.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818806/; classtype:trojan-activity;sid:83681906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.162.187.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818807/; classtype:trojan-activity;sid:83681907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.219.119.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818786/; classtype:trojan-activity;sid:83681886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.136.240.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818773/; classtype:trojan-activity;sid:83681873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818777/; classtype:trojan-activity;sid:83681877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818778/; classtype:trojan-activity;sid:83681878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.203.218.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818772/; classtype:trojan-activity;sid:83681872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.83.245.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818768/; classtype:trojan-activity;sid:83681868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818758/; classtype:trojan-activity;sid:83681858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.227.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818763/; classtype:trojan-activity;sid:83681863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.163.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818753/; classtype:trojan-activity;sid:83681853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.254.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818269/; classtype:trojan-activity;sid:83681369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.105.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818240/; classtype:trojan-activity;sid:83681340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.231.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818237/; classtype:trojan-activity;sid:83681337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.251.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818229/; classtype:trojan-activity;sid:83681329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.150.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818227/; classtype:trojan-activity;sid:83681327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818228/; classtype:trojan-activity;sid:83681328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817360)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=4e6f63f4c3c86180%21112|7c|26|7c|authkey=!aji85fsyq6pgubw"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817360/; classtype:trojan-activity;sid:83680460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817357)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1w6j0xeptoliyrblijhnxbm_qnnoptzfw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817357/; classtype:trojan-activity;sid:83680457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817239)"; flow:established,from_client; content:"GET"; http_method; content:"/pbhhdf/12/raw/main/keepvid-pro_full2578.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817239/; classtype:trojan-activity;sid:83680339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817148)"; flow:established,from_client; content:"GET"; http_method; content:"/coolismoney/laughing-octo-tribble/releases/download/v2/crazycore.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817148/; classtype:trojan-activity;sid:83680248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814937)"; flow:established,from_client; content:"GET"; http_method; content:"/logindll.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.111.180.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814937/; classtype:trojan-activity;sid:83678037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.52.48.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814130/; classtype:trojan-activity;sid:83677230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.141.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814129/; classtype:trojan-activity;sid:83677229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814127/; classtype:trojan-activity;sid:83677227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814128/; classtype:trojan-activity;sid:83677228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814122/; classtype:trojan-activity;sid:83677222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814108/; classtype:trojan-activity;sid:83677208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.133.214.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814109/; classtype:trojan-activity;sid:83677209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.123.142.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814100/; classtype:trojan-activity;sid:83677200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.76.195.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814103/; classtype:trojan-activity;sid:83677203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.186.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814105/; classtype:trojan-activity;sid:83677205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814093/; classtype:trojan-activity;sid:83677193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.93.41.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814086/; classtype:trojan-activity;sid:83677186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.254.173.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814087/; classtype:trojan-activity;sid:83677187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814080/; classtype:trojan-activity;sid:83677180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.189.218.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814083/; classtype:trojan-activity;sid:83677183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.217.148.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813794/; classtype:trojan-activity;sid:83676894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.67.115.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813793/; classtype:trojan-activity;sid:83676893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813151/; classtype:trojan-activity;sid:83676251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.153.22.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813148/; classtype:trojan-activity;sid:83676248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813150/; classtype:trojan-activity;sid:83676250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813143/; classtype:trojan-activity;sid:83676243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.210.217.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813146/; classtype:trojan-activity;sid:83676246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.253.154.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813147/; classtype:trojan-activity;sid:83676247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813137/; classtype:trojan-activity;sid:83676237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813133/; classtype:trojan-activity;sid:83676233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.43.59.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813134/; classtype:trojan-activity;sid:83676234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.100.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813128/; classtype:trojan-activity;sid:83676228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.198.242.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813129/; classtype:trojan-activity;sid:83676229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.157.219.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813130/; classtype:trojan-activity;sid:83676230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.81.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813122/; classtype:trojan-activity;sid:83676222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813111/; classtype:trojan-activity;sid:83676211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813107/; classtype:trojan-activity;sid:83676207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813108/; classtype:trojan-activity;sid:83676208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.120.179.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813091/; classtype:trojan-activity;sid:83676191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813098/; classtype:trojan-activity;sid:83676198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813100/; classtype:trojan-activity;sid:83676200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813101/; classtype:trojan-activity;sid:83676201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.159.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813083/; classtype:trojan-activity;sid:83676183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.249.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813084/; classtype:trojan-activity;sid:83676184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.39.242.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813081/; classtype:trojan-activity;sid:83676181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.163.57.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813078/; classtype:trojan-activity;sid:83676178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813070/; classtype:trojan-activity;sid:83676170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813072/; classtype:trojan-activity;sid:83676172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.228.64.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813057/; classtype:trojan-activity;sid:83676157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.189.125.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813064/; classtype:trojan-activity;sid:83676164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.120.179.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813047/; classtype:trojan-activity;sid:83676147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813048/; classtype:trojan-activity;sid:83676148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813049/; classtype:trojan-activity;sid:83676149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.169.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813051/; classtype:trojan-activity;sid:83676151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.42.122.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813053/; classtype:trojan-activity;sid:83676153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813037/; classtype:trojan-activity;sid:83676137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813039/; classtype:trojan-activity;sid:83676139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.70.204.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813040/; classtype:trojan-activity;sid:83676140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813041/; classtype:trojan-activity;sid:83676141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.19.251.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813028/; classtype:trojan-activity;sid:83676128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.169.235.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813024/; classtype:trojan-activity;sid:83676124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812539)"; flow:established,from_client; content:"GET"; http_method; content:"/dinsherman202/solid-lamp/releases/download/download/github.software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812539/; classtype:trojan-activity;sid:83675639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809237/; classtype:trojan-activity;sid:83672337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809236/; classtype:trojan-activity;sid:83672336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.239.105.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809231/; classtype:trojan-activity;sid:83672331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809227/; classtype:trojan-activity;sid:83672327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.211.197.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809228/; classtype:trojan-activity;sid:83672328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809223/; classtype:trojan-activity;sid:83672323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.100.241.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809224/; classtype:trojan-activity;sid:83672324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809225/; classtype:trojan-activity;sid:83672325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809226/; classtype:trojan-activity;sid:83672326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.9.192.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809221/; classtype:trojan-activity;sid:83672321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809209/; classtype:trojan-activity;sid:83672309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.95.186.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809204/; classtype:trojan-activity;sid:83672304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809202/; classtype:trojan-activity;sid:83672302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809203/; classtype:trojan-activity;sid:83672303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.71.69.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809190/; classtype:trojan-activity;sid:83672290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.143.195.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809192/; classtype:trojan-activity;sid:83672292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809193/; classtype:trojan-activity;sid:83672293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.109.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809182/; classtype:trojan-activity;sid:83672282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.254.223.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809184/; classtype:trojan-activity;sid:83672284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.193.118.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809187/; classtype:trojan-activity;sid:83672287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.54.121.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809177/; classtype:trojan-activity;sid:83672277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809173/; classtype:trojan-activity;sid:83672273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.65.45.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809167/; classtype:trojan-activity;sid:83672267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809162/; classtype:trojan-activity;sid:83672262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809158/; classtype:trojan-activity;sid:83672258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.101.191.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809160/; classtype:trojan-activity;sid:83672260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.130.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809143/; classtype:trojan-activity;sid:83672243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.89.168.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809146/; classtype:trojan-activity;sid:83672246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.65.15.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809149/; classtype:trojan-activity;sid:83672249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809136/; classtype:trojan-activity;sid:83672236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.98.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809139/; classtype:trojan-activity;sid:83672239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809140/; classtype:trojan-activity;sid:83672240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809130/; classtype:trojan-activity;sid:83672230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809132/; classtype:trojan-activity;sid:83672232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809135/; classtype:trojan-activity;sid:83672235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809128/; classtype:trojan-activity;sid:83672228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809123/; classtype:trojan-activity;sid:83672223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809115/; classtype:trojan-activity;sid:83672215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.38.60.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809116/; classtype:trojan-activity;sid:83672216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809117/; classtype:trojan-activity;sid:83672217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809120/; classtype:trojan-activity;sid:83672220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.120.211.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809108/; classtype:trojan-activity;sid:83672208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.195.141.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809109/; classtype:trojan-activity;sid:83672209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809112/; classtype:trojan-activity;sid:83672212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.43.201.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809113/; classtype:trojan-activity;sid:83672213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.7.153.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809105/; classtype:trojan-activity;sid:83672205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.56.164.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809099/; classtype:trojan-activity;sid:83672199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.200.63.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809084/; classtype:trojan-activity;sid:83672184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.165.112.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809088/; classtype:trojan-activity;sid:83672188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809089/; classtype:trojan-activity;sid:83672189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809091/; classtype:trojan-activity;sid:83672191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.103.250.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809070/; classtype:trojan-activity;sid:83672170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.158.175.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809071/; classtype:trojan-activity;sid:83672171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809073/; classtype:trojan-activity;sid:83672173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.248.56.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809077/; classtype:trojan-activity;sid:83672177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.156.143.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809065/; classtype:trojan-activity;sid:83672165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.222.45.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809054/; classtype:trojan-activity;sid:83672154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.19.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809011/; classtype:trojan-activity;sid:83672111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.227.118.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809005/; classtype:trojan-activity;sid:83672105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.28.11.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808985/; classtype:trojan-activity;sid:83672085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808986/; classtype:trojan-activity;sid:83672086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.181.38.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808979/; classtype:trojan-activity;sid:83672079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.61.246.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808980/; classtype:trojan-activity;sid:83672080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.131.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808981/; classtype:trojan-activity;sid:83672081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.31.135.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808982/; classtype:trojan-activity;sid:83672082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.237.157.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808972/; classtype:trojan-activity;sid:83672072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.19.174.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808973/; classtype:trojan-activity;sid:83672073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.186.156.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808974/; classtype:trojan-activity;sid:83672074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.84.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808975/; classtype:trojan-activity;sid:83672075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808963/; classtype:trojan-activity;sid:83672063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.210.50.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808966/; classtype:trojan-activity;sid:83672066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.57.33.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808967/; classtype:trojan-activity;sid:83672067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.79.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808968/; classtype:trojan-activity;sid:83672068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.192.78.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808970/; classtype:trojan-activity;sid:83672070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808957/; classtype:trojan-activity;sid:83672057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.4.147.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808951/; classtype:trojan-activity;sid:83672051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808947/; classtype:trojan-activity;sid:83672047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.121.161.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808946/; classtype:trojan-activity;sid:83672046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808929/; classtype:trojan-activity;sid:83672029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.208.145.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808931/; classtype:trojan-activity;sid:83672031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.232.241.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808932/; classtype:trojan-activity;sid:83672032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808933/; classtype:trojan-activity;sid:83672033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808935/; classtype:trojan-activity;sid:83672035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.18.223.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808936/; classtype:trojan-activity;sid:83672036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.234.203.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808937/; classtype:trojan-activity;sid:83672037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.188.254.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808939/; classtype:trojan-activity;sid:83672039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808924/; classtype:trojan-activity;sid:83672024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.253.241.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808926/; classtype:trojan-activity;sid:83672026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808928/; classtype:trojan-activity;sid:83672028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.70.215.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808917/; classtype:trojan-activity;sid:83672017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.151.29.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808906/; classtype:trojan-activity;sid:83672006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808907/; classtype:trojan-activity;sid:83672007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.188.215.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808909/; classtype:trojan-activity;sid:83672009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808910/; classtype:trojan-activity;sid:83672010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.99.218.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808905/; classtype:trojan-activity;sid:83672005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.20.122.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808895/; classtype:trojan-activity;sid:83671995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.64.96.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808900/; classtype:trojan-activity;sid:83672000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.193.118.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808889/; classtype:trojan-activity;sid:83671989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.95.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808888/; classtype:trojan-activity;sid:83671988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808883/; classtype:trojan-activity;sid:83671983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808876/; classtype:trojan-activity;sid:83671976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808872/; classtype:trojan-activity;sid:83671972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.16.75.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808873/; classtype:trojan-activity;sid:83671973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.218.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808875/; classtype:trojan-activity;sid:83671975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.177.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808869/; classtype:trojan-activity;sid:83671969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.52.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808870/; classtype:trojan-activity;sid:83671970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.78.118.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808861/; classtype:trojan-activity;sid:83671961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.234.253.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808862/; classtype:trojan-activity;sid:83671962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.11.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808851/; classtype:trojan-activity;sid:83671951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.204.177.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808852/; classtype:trojan-activity;sid:83671952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808854/; classtype:trojan-activity;sid:83671954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808842/; classtype:trojan-activity;sid:83671942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.236.114.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808840/; classtype:trojan-activity;sid:83671940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.110.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808832/; classtype:trojan-activity;sid:83671932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808836/; classtype:trojan-activity;sid:83671936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.134.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808822/; classtype:trojan-activity;sid:83671922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808823/; classtype:trojan-activity;sid:83671923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.41.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808824/; classtype:trojan-activity;sid:83671924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.189.172.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808826/; classtype:trojan-activity;sid:83671926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808829/; classtype:trojan-activity;sid:83671929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.93.83.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808819/; classtype:trojan-activity;sid:83671919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.112.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808820/; classtype:trojan-activity;sid:83671920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808814/; classtype:trojan-activity;sid:83671914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.188.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808807/; classtype:trojan-activity;sid:83671907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808808/; classtype:trojan-activity;sid:83671908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.151.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808809/; classtype:trojan-activity;sid:83671909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.81.127.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808802/; classtype:trojan-activity;sid:83671902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808792/; classtype:trojan-activity;sid:83671892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.164.252.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808793/; classtype:trojan-activity;sid:83671893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.122.211.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808794/; classtype:trojan-activity;sid:83671894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.20.51.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808797/; classtype:trojan-activity;sid:83671897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.217.148.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808798/; classtype:trojan-activity;sid:83671898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.83.248.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808786/; classtype:trojan-activity;sid:83671886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.36.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808790/; classtype:trojan-activity;sid:83671890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.84.143.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808783/; classtype:trojan-activity;sid:83671883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.173.163.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808778/; classtype:trojan-activity;sid:83671878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.120.241.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808781/; classtype:trojan-activity;sid:83671881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.24.131.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808782/; classtype:trojan-activity;sid:83671882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.43.34.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808770/; classtype:trojan-activity;sid:83671870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.165.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808771/; classtype:trojan-activity;sid:83671871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.202.220.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808760/; classtype:trojan-activity;sid:83671860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808767/; classtype:trojan-activity;sid:83671867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.183.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808756/; classtype:trojan-activity;sid:83671856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.157.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808758/; classtype:trojan-activity;sid:83671858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.17.23.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808754/; classtype:trojan-activity;sid:83671854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808746/; classtype:trojan-activity;sid:83671846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.147.93.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808748/; classtype:trojan-activity;sid:83671848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.120.98.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808751/; classtype:trojan-activity;sid:83671851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.214.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808734/; classtype:trojan-activity;sid:83671834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.111.116.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808735/; classtype:trojan-activity;sid:83671835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808737/; classtype:trojan-activity;sid:83671837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.71.191.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808738/; classtype:trojan-activity;sid:83671838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808739/; classtype:trojan-activity;sid:83671839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.114.97.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808740/; classtype:trojan-activity;sid:83671840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.93.28.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808721/; classtype:trojan-activity;sid:83671821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.17.248.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808708/; classtype:trojan-activity;sid:83671808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808710/; classtype:trojan-activity;sid:83671810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.62.179.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808715/; classtype:trojan-activity;sid:83671815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.73.121.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808716/; classtype:trojan-activity;sid:83671816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808717/; classtype:trojan-activity;sid:83671817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.42.121.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808705/; classtype:trojan-activity;sid:83671805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.38.241.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808702/; classtype:trojan-activity;sid:83671802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.199.144.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808704/; classtype:trojan-activity;sid:83671804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.65.205.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808697/; classtype:trojan-activity;sid:83671797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.120.179.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808659/; classtype:trojan-activity;sid:83671759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808652/; classtype:trojan-activity;sid:83671752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808644/; classtype:trojan-activity;sid:83671744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.212.109.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808643/; classtype:trojan-activity;sid:83671743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.191.123.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808637/; classtype:trojan-activity;sid:83671737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808636/; classtype:trojan-activity;sid:83671736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808631/; classtype:trojan-activity;sid:83671731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.176.137.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808630/; classtype:trojan-activity;sid:83671730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.4.69.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808616/; classtype:trojan-activity;sid:83671716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.98.13.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808615/; classtype:trojan-activity;sid:83671715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808610/; classtype:trojan-activity;sid:83671710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808603/; classtype:trojan-activity;sid:83671703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.80.244.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808594/; classtype:trojan-activity;sid:83671694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.38.241.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808586/; classtype:trojan-activity;sid:83671686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.69.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808575/; classtype:trojan-activity;sid:83671675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808564/; classtype:trojan-activity;sid:83671664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.115.174.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808565/; classtype:trojan-activity;sid:83671665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.73.242.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808563/; classtype:trojan-activity;sid:83671663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.0.4.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808561/; classtype:trojan-activity;sid:83671661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808562/; classtype:trojan-activity;sid:83671662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.218.172.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808556/; classtype:trojan-activity;sid:83671656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.118.45.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808557/; classtype:trojan-activity;sid:83671657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808560/; classtype:trojan-activity;sid:83671660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.142.114.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808540/; classtype:trojan-activity;sid:83671640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808542/; classtype:trojan-activity;sid:83671642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.234.147.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808544/; classtype:trojan-activity;sid:83671644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.189.222.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808545/; classtype:trojan-activity;sid:83671645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.141.122.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808546/; classtype:trojan-activity;sid:83671646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.101.187.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808549/; classtype:trojan-activity;sid:83671649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.239.22.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808550/; classtype:trojan-activity;sid:83671650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808551/; classtype:trojan-activity;sid:83671651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.29.147.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808552/; classtype:trojan-activity;sid:83671652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808533/; classtype:trojan-activity;sid:83671633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.254.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808536/; classtype:trojan-activity;sid:83671636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808520/; classtype:trojan-activity;sid:83671620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.191.218.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808521/; classtype:trojan-activity;sid:83671621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.140.176.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808522/; classtype:trojan-activity;sid:83671622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.80.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808524/; classtype:trojan-activity;sid:83671624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.205.90.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808525/; classtype:trojan-activity;sid:83671625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.244.112.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808511/; classtype:trojan-activity;sid:83671611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808515/; classtype:trojan-activity;sid:83671615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808504/; classtype:trojan-activity;sid:83671604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.111.119.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808502/; classtype:trojan-activity;sid:83671602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808496/; classtype:trojan-activity;sid:83671596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.89.178.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808489/; classtype:trojan-activity;sid:83671589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808492/; classtype:trojan-activity;sid:83671592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808485/; classtype:trojan-activity;sid:83671585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.199.144.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808486/; classtype:trojan-activity;sid:83671586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.68.161.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808482/; classtype:trojan-activity;sid:83671582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.172.170.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808483/; classtype:trojan-activity;sid:83671583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808475/; classtype:trojan-activity;sid:83671575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.42.243.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808478/; classtype:trojan-activity;sid:83671578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808467/; classtype:trojan-activity;sid:83671567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808468/; classtype:trojan-activity;sid:83671568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.247.68.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808473/; classtype:trojan-activity;sid:83671573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.17.61.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808457/; classtype:trojan-activity;sid:83671557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.154.84.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808459/; classtype:trojan-activity;sid:83671559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.4.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808460/; classtype:trojan-activity;sid:83671560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.237.174.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808452/; classtype:trojan-activity;sid:83671552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808448/; classtype:trojan-activity;sid:83671548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.200.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808432/; classtype:trojan-activity;sid:83671532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.237.174.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808434/; classtype:trojan-activity;sid:83671534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.0.136.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808443/; classtype:trojan-activity;sid:83671543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808444/; classtype:trojan-activity;sid:83671544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808445/; classtype:trojan-activity;sid:83671545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.185.127.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808422/; classtype:trojan-activity;sid:83671522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.213.157.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808423/; classtype:trojan-activity;sid:83671523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.199.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808424/; classtype:trojan-activity;sid:83671524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.246.214.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808425/; classtype:trojan-activity;sid:83671525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808427/; classtype:trojan-activity;sid:83671527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.174.152.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808429/; classtype:trojan-activity;sid:83671529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.73.70.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808430/; classtype:trojan-activity;sid:83671530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808416/; classtype:trojan-activity;sid:83671516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808418/; classtype:trojan-activity;sid:83671518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.249.54.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808421/; classtype:trojan-activity;sid:83671521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.221.254.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808406/; classtype:trojan-activity;sid:83671506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.171.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808408/; classtype:trojan-activity;sid:83671508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.195.100.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808400/; classtype:trojan-activity;sid:83671500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808390/; classtype:trojan-activity;sid:83671490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.100.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808392/; classtype:trojan-activity;sid:83671492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.240.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808396/; classtype:trojan-activity;sid:83671496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.57.121.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808397/; classtype:trojan-activity;sid:83671497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.182.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808376/; classtype:trojan-activity;sid:83671476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.165.192.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808379/; classtype:trojan-activity;sid:83671479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808380/; classtype:trojan-activity;sid:83671480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.190.76.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808383/; classtype:trojan-activity;sid:83671483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.38.171.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808388/; classtype:trojan-activity;sid:83671488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808371/; classtype:trojan-activity;sid:83671471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808373/; classtype:trojan-activity;sid:83671473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808366/; classtype:trojan-activity;sid:83671466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.188.48.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808367/; classtype:trojan-activity;sid:83671467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808309)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808309/; classtype:trojan-activity;sid:83671409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808300)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808300/; classtype:trojan-activity;sid:83671400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808303/; classtype:trojan-activity;sid:83671403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808304/; classtype:trojan-activity;sid:83671404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808306)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808306/; classtype:trojan-activity;sid:83671406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808307)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808307/; classtype:trojan-activity;sid:83671407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808284/; classtype:trojan-activity;sid:83671384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808286)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808286/; classtype:trojan-activity;sid:83671386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808287/; classtype:trojan-activity;sid:83671387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808289)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808289/; classtype:trojan-activity;sid:83671389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808291)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808291/; classtype:trojan-activity;sid:83671391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808281)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808281/; classtype:trojan-activity;sid:83671381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808271)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808271/; classtype:trojan-activity;sid:83671371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808274)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808274/; classtype:trojan-activity;sid:83671374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808275)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808275/; classtype:trojan-activity;sid:83671375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808276)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808276/; classtype:trojan-activity;sid:83671376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808277)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808277/; classtype:trojan-activity;sid:83671377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808278)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808278/; classtype:trojan-activity;sid:83671378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808279)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808279/; classtype:trojan-activity;sid:83671379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808280)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808280/; classtype:trojan-activity;sid:83671380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808264)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808264/; classtype:trojan-activity;sid:83671364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808267)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808267/; classtype:trojan-activity;sid:83671367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808231)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808231/; classtype:trojan-activity;sid:83671331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808232)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808232/; classtype:trojan-activity;sid:83671332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808233/; classtype:trojan-activity;sid:83671333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808235)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808235/; classtype:trojan-activity;sid:83671335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808236/; classtype:trojan-activity;sid:83671336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808241)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808241/; classtype:trojan-activity;sid:83671341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808242/; classtype:trojan-activity;sid:83671342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808244/; classtype:trojan-activity;sid:83671344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808245/; classtype:trojan-activity;sid:83671345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808248)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808248/; classtype:trojan-activity;sid:83671348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808249)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808249/; classtype:trojan-activity;sid:83671349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808250)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808250/; classtype:trojan-activity;sid:83671350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808225)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808225/; classtype:trojan-activity;sid:83671325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808226/; classtype:trojan-activity;sid:83671326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808227/; classtype:trojan-activity;sid:83671327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808215)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808215/; classtype:trojan-activity;sid:83671315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808216/; classtype:trojan-activity;sid:83671316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808219)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808219/; classtype:trojan-activity;sid:83671319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808221/; classtype:trojan-activity;sid:83671321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808222/; classtype:trojan-activity;sid:83671322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808199/; classtype:trojan-activity;sid:83671299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808198/; classtype:trojan-activity;sid:83671298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808187/; classtype:trojan-activity;sid:83671287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808189/; classtype:trojan-activity;sid:83671289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808190/; classtype:trojan-activity;sid:83671290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808191/; classtype:trojan-activity;sid:83671291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808193/; classtype:trojan-activity;sid:83671293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808195/; classtype:trojan-activity;sid:83671295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808196/; classtype:trojan-activity;sid:83671296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808176/; classtype:trojan-activity;sid:83671276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808178/; classtype:trojan-activity;sid:83671278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808179/; classtype:trojan-activity;sid:83671279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808183/; classtype:trojan-activity;sid:83671283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808184/; classtype:trojan-activity;sid:83671284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808167/; classtype:trojan-activity;sid:83671267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808168/; classtype:trojan-activity;sid:83671268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808160/; classtype:trojan-activity;sid:83671260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808161/; classtype:trojan-activity;sid:83671261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807492)"; flow:established,from_client; content:"GET"; http_method; content:"/ping"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807492/; classtype:trojan-activity;sid:83670592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807300)"; flow:established,from_client; content:"GET"; http_method; content:"/http.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807300/; classtype:trojan-activity;sid:83670400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806527)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"138.36.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806527/; classtype:trojan-activity;sid:83669627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804806)"; flow:established,from_client; content:"GET"; http_method; content:"/slitaz/sources/packages/c/cross-compiler-armv6l.tar.bz2"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"distro.ibiblio.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804806/; classtype:trojan-activity;sid:83667906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803517)"; flow:established,from_client; content:"GET"; http_method; content:"/printspoofer.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"35.185.187.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803517/; classtype:trojan-activity;sid:83666617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798785)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.209.41.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798785/; classtype:trojan-activity;sid:83661885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798784)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.209.41.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798784/; classtype:trojan-activity;sid:83661884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795504)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/letmatros.snp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dnvk1.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_29; reference:url, urlhaus.abuse.ch/url/2795504/; classtype:trojan-activity;sid:83658604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793603)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qxwff0k49bjdhwzotirkvqlqhebzgphg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793603/; classtype:trojan-activity;sid:83656703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792394)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/wlbkszoxpvyovh65.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"dnvk1.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792394/; classtype:trojan-activity;sid:83655494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790578)"; flow:established,from_client; content:"GET"; http_method; content:"/.index/scan.tar"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.216.207.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790578/; classtype:trojan-activity;sid:83653678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789955)"; flow:established,from_client; content:"GET"; http_method; content:"/incoper887/tua/raw/main/build.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2789955/; classtype:trojan-activity;sid:83653055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787791)"; flow:established,from_client; content:"GET"; http_method; content:"/ykwsyyt/help/hddrive1095_xinanplug3030_20230619_inno.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"60.22.23.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787791/; classtype:trojan-activity;sid:83650891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787397)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hditwve1kadzeycbldxttxi4mmhddgyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787397/; classtype:trojan-activity;sid:83650497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787024)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"65.49.44.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787024/; classtype:trojan-activity;sid:83650124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787023)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.113.35.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787023/; classtype:trojan-activity;sid:83650123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786829)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1re9cqjrafya6wcb5e0zcolwdorvsf9pi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786829/; classtype:trojan-activity;sid:83649929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786674)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"47.101.206.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786674/; classtype:trojan-activity;sid:83649774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786672)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.96.147.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786672/; classtype:trojan-activity;sid:83649772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786665)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.44.203.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786665/; classtype:trojan-activity;sid:83649765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786663)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/er5thygfd.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786663/; classtype:trojan-activity;sid:83649763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786661)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/uemlxaw.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786661/; classtype:trojan-activity;sid:83649761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786649)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.42.168.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786649/; classtype:trojan-activity;sid:83649749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786332)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit.class"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.98.107.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786332/; classtype:trojan-activity;sid:83649432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786333)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.98.107.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786333/; classtype:trojan-activity;sid:83649433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785768)"; flow:established,from_client; content:"GET"; http_method; content:"/zev3n/ubuntu-gnome-privilege-escalation/main/cve-2020-1612%5b6_7%5d_exploit.sh"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785768/; classtype:trojan-activity;sid:83648868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785466)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/deployment/yellow%20pages%20scraper.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785466/; classtype:trojan-activity;sid:83648566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785447)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/tinder%20bot.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785447/; classtype:trojan-activity;sid:83648547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785235)"; flow:established,from_client; content:"GET"; http_method; content:"/ransomware.wannacry_plus.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_17; reference:url, urlhaus.abuse.ch/url/2785235/; classtype:trojan-activity;sid:83648335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782434)"; flow:established,from_client; content:"GET"; http_method; content:"/17c4755d1d45ed1bb454/8703634058188758823"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"f24-zfcloud.zdn.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782434/; classtype:trojan-activity;sid:83645534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782286)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1cbzrekgr3qfqlniab3cpysqnzafff|3f|content_disposition=attachment|7c|3b|7c|filename=%22upload_20240311-130634.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"public.adobecc.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782286/; classtype:trojan-activity;sid:83645386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780261)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780261/; classtype:trojan-activity;sid:83643361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"oys0ro.static.otenet.gr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780255/; classtype:trojan-activity;sid:83643355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777824)"; flow:established,from_client; content:"GET"; http_method; content:"/m.py"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777824/; classtype:trojan-activity;sid:83640924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777823)"; flow:established,from_client; content:"GET"; http_method; content:"/p"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777823/; classtype:trojan-activity;sid:83640923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777822)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777822/; classtype:trojan-activity;sid:83640922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777441)"; flow:established,from_client; content:"GET"; http_method; content:"/greenpackage.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"bitkiselurunsiparis.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_07; reference:url, urlhaus.abuse.ch/url/2777441/; classtype:trojan-activity;sid:83640541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776111)"; flow:established,from_client; content:"GET"; http_method; content:"/update/cheat.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.183.113.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776111/; classtype:trojan-activity;sid:83639211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776110)"; flow:established,from_client; content:"GET"; http_method; content:"/update/main.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.183.113.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776110/; classtype:trojan-activity;sid:83639210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776109)"; flow:established,from_client; content:"GET"; http_method; content:"/update/zverify.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.183.113.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776109/; classtype:trojan-activity;sid:83639209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776108)"; flow:established,from_client; content:"GET"; http_method; content:"/update/mhpverify.dll"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.183.113.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776108/; classtype:trojan-activity;sid:83639208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772697)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/x.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772697/; classtype:trojan-activity;sid:83635797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772689)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/met111.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772689/; classtype:trojan-activity;sid:83635789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.183.98.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769194/; classtype:trojan-activity;sid:83632294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769195/; classtype:trojan-activity;sid:83632295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.198.199.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769198/; classtype:trojan-activity;sid:83632298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"65.132.139.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769166/; classtype:trojan-activity;sid:83632266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.183.54.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769162/; classtype:trojan-activity;sid:83632262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769015)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"www.ojang.pe.kr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769015/; classtype:trojan-activity;sid:83632115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765933)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_r1.bmp"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765933/; classtype:trojan-activity;sid:83629033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765918)"; flow:established,from_client; content:"GET"; http_method; content:"/aminer.gz"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.64.128.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765918/; classtype:trojan-activity;sid:83629018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765915)"; flow:established,from_client; content:"GET"; http_method; content:"/install.tgz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.64.128.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765915/; classtype:trojan-activity;sid:83629015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765626)"; flow:established,from_client; content:"GET"; http_method; content:"/hitmanpro.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hitman-pro.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765626/; classtype:trojan-activity;sid:83628726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765586)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_default.bmp"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765586/; classtype:trojan-activity;sid:83628686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764512)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764512/; classtype:trojan-activity;sid:83627612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764507)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764507/; classtype:trojan-activity;sid:83627607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764508)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764508/; classtype:trojan-activity;sid:83627608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764509)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764509/; classtype:trojan-activity;sid:83627609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764510)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764510/; classtype:trojan-activity;sid:83627610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764511)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764511/; classtype:trojan-activity;sid:83627611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764488)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.188.215.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764488/; classtype:trojan-activity;sid:83627588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757963)"; flow:established,from_client; content:"GET"; http_method; content:"/mobileanjian.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.6.5.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757963/; classtype:trojan-activity;sid:83621063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2755280)"; flow:established,from_client; content:"GET"; http_method; content:"/den4ikyt/spoofer/raw/main/hwid%20spoofer.rar"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_02; reference:url, urlhaus.abuse.ch/url/2755280/; classtype:trojan-activity;sid:83618380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754788)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754788/; classtype:trojan-activity;sid:83617888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754786)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754786/; classtype:trojan-activity;sid:83617886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754784)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754784/; classtype:trojan-activity;sid:83617884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754785)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754785/; classtype:trojan-activity;sid:83617885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754783)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754783/; classtype:trojan-activity;sid:83617883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754299)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wuy2y3vbxibdfqcs6-kx96nocarzixfd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754299/; classtype:trojan-activity;sid:83617399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752947)"; flow:established,from_client; content:"GET"; http_method; content:"/app/view/ta.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.26.174.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_29; reference:url, urlhaus.abuse.ch/url/2752947/; classtype:trojan-activity;sid:83616047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752434)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/build6_unencrypted.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_28; reference:url, urlhaus.abuse.ch/url/2752434/; classtype:trojan-activity;sid:83615534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751248)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gzckgqlufkfpmlzsd4dlrp8-nrdeju1w"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751248/; classtype:trojan-activity;sid:83614348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2750554)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/first.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_22; reference:url, urlhaus.abuse.ch/url/2750554/; classtype:trojan-activity;sid:83613654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749981)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/windows.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749981/; classtype:trojan-activity;sid:83613081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749973)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/eszop.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749973/; classtype:trojan-activity;sid:83613073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749975)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/wefhrf.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749975/; classtype:trojan-activity;sid:83613075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748820)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748820/; classtype:trojan-activity;sid:83611920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748808)"; flow:established,from_client; content:"GET"; http_method; content:"/kseniakucherksenia/.github.io/raw/main/cayv0deo9jst417.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748808/; classtype:trojan-activity;sid:83611908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748809)"; flow:established,from_client; content:"GET"; http_method; content:"/kseniakucherksenia/.github.io/main/cayv0deo9jst417.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748809/; classtype:trojan-activity;sid:83611909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748605)"; flow:established,from_client; content:"GET"; http_method; content:"/ssslllap1/asdasd/raw/main/crypted.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_13; reference:url, urlhaus.abuse.ch/url/2748605/; classtype:trojan-activity;sid:83611705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748365)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ifvzub1blhmwsirshbe2wu5b1tus3ls-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748365/; classtype:trojan-activity;sid:83611465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748363)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yydiodtw09banou13ro8ielf9rcmljxy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748363/; classtype:trojan-activity;sid:83611463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748360)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11cbyky_wegqjut6afr8jannw7vub-xxf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748360/; classtype:trojan-activity;sid:83611460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748350)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rqhgsr779gyzvi15p-bmkx8txq4bj-yi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748350/; classtype:trojan-activity;sid:83611450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746783)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_06; reference:url, urlhaus.abuse.ch/url/2746783/; classtype:trojan-activity;sid:83609883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744609)"; flow:established,from_client; content:"GET"; http_method; content:"/24/b.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.16.38.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_12_27; reference:url, urlhaus.abuse.ch/url/2744609/; classtype:trojan-activity;sid:83607709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744516)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.149.127.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_26; reference:url, urlhaus.abuse.ch/url/2744516/; classtype:trojan-activity;sid:83607616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744000)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.193.21.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_24; reference:url, urlhaus.abuse.ch/url/2744000/; classtype:trojan-activity;sid:83607100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743461)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12rmvuwgpj0dzbb3haoaww2lviavhvb4r"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743461/; classtype:trojan-activity;sid:83606561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743460)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rfsmrzeanvap2tnmtwrptlepwarwlkge"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743460/; classtype:trojan-activity;sid:83606560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742584)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.129.147.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_20; reference:url, urlhaus.abuse.ch/url/2742584/; classtype:trojan-activity;sid:83605684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742518)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k0bqhrtnu4v1yexoni5p1utyjuohmfzm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742518/; classtype:trojan-activity;sid:83605618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742516)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fhqpevblkipshqumjmsbzeetdzhzxv-j"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742516/; classtype:trojan-activity;sid:83605616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735400)"; flow:established,from_client; content:"GET"; http_method; content:"/chdyz/chdyz.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.110.247.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735400/; classtype:trojan-activity;sid:83598500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735399)"; flow:established,from_client; content:"GET"; http_method; content:"/chdyz/chdyz.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.110.247.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735399/; classtype:trojan-activity;sid:83598499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735077)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/store.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.globallaborsupply.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2735077/; classtype:trojan-activity;sid:83598177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734988)"; flow:established,from_client; content:"GET"; http_method; content:"/lti_ruby/av/development/insertionsortpro.js"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"lti.cs.vt.edu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734988/; classtype:trojan-activity;sid:83598088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734983)"; flow:established,from_client; content:"GET"; http_method; content:"/wei"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.68.196.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734983/; classtype:trojan-activity;sid:83598083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734981)"; flow:established,from_client; content:"GET"; http_method; content:"/vendor/bin/nobody/clean.it"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"xiangshunjy.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734981/; classtype:trojan-activity;sid:83598081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734979)"; flow:established,from_client; content:"GET"; http_method; content:"/404"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.184.194.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734979/; classtype:trojan-activity;sid:83598079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733771)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2733771/; classtype:trojan-activity;sid:83596871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733662)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.100.63.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_22; reference:url, urlhaus.abuse.ch/url/2733662/; classtype:trojan-activity;sid:83596762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731357)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_16; reference:url, urlhaus.abuse.ch/url/2731357/; classtype:trojan-activity;sid:83594457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730213)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sjm5t0ktlepibtv3kgaousspnw3zonom"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_13; reference:url, urlhaus.abuse.ch/url/2730213/; classtype:trojan-activity;sid:83593313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730069)"; flow:established,from_client; content:"GET"; http_method; content:"/cronusxd/update/releases/download/programa/universal.cheat.all.games.rar"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_11_12; reference:url, urlhaus.abuse.ch/url/2730069/; classtype:trojan-activity;sid:83593169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729116)"; flow:established,from_client; content:"GET"; http_method; content:"/oto"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sos.vivi.sg"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_11_09; reference:url, urlhaus.abuse.ch/url/2729116/; classtype:trojan-activity;sid:83592216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729115)"; flow:established,from_client; content:"GET"; http_method; content:"/ns3.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sos.vivi.sg"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_11_09; reference:url, urlhaus.abuse.ch/url/2729115/; classtype:trojan-activity;sid:83592215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2728916)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jmvlc342a-9khhwqofk1aticown34bxe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_08; reference:url, urlhaus.abuse.ch/url/2728916/; classtype:trojan-activity;sid:83592016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726994)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lhnnwoydntgqibsykxwgd32s5xftxvfh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726994/; classtype:trojan-activity;sid:83590094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726921)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oxpqeutyreby186exx4zeofyz0rjocsp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726921/; classtype:trojan-activity;sid:83590021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726920)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1e2y5yppu_zjj4o3wmuo-2j8n9lbthkzc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726920/; classtype:trojan-activity;sid:83590020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726906)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_ldguopt2cg7fblntw3ltxgtxqtmlflc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726906/; classtype:trojan-activity;sid:83590006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726907)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10lygpyju_dlg3x6r9oslzgblshakstl-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726907/; classtype:trojan-activity;sid:83590007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726789)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zte2ty_wldnnepgomzi6zqqad7moc4kk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726789/; classtype:trojan-activity;sid:83589889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726777)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sqvm1xsoranfnvqst_kkdmn8yhgulm4k"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726777/; classtype:trojan-activity;sid:83589877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726592)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zqzivoxid6wgvjstzd0lg2vxnpnc-puf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726592/; classtype:trojan-activity;sid:83589692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726432)"; flow:established,from_client; content:"GET"; http_method; content:"/drakeo03/rbxfpsunlocker-x64-hotfix1/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_10_28; reference:url, urlhaus.abuse.ch/url/2726432/; classtype:trojan-activity;sid:83589532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726089)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gfn3lqd1rvybut4ha-ldl92wt8ysrzfc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2726089/; classtype:trojan-activity;sid:83589189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2725971)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ctnmusyjuqkrxgvd6uph5ttb4-sb1zxr"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2725971/; classtype:trojan-activity;sid:83589071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2724547)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.36.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_10_23; reference:url, urlhaus.abuse.ch/url/2724547/; classtype:trojan-activity;sid:83587647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2723186)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nx37rcyoclifch3waaddhuzclyj4ouue"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_23; reference:url, urlhaus.abuse.ch/url/2723186/; classtype:trojan-activity;sid:83586286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720676)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.210.35.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_15; reference:url, urlhaus.abuse.ch/url/2720676/; classtype:trojan-activity;sid:83583776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720427)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.213.157.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_14; reference:url, urlhaus.abuse.ch/url/2720427/; classtype:trojan-activity;sid:83583527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719389)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1satmexzn3qpvqzfxnc-5dtnnn8lihdxh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_12; reference:url, urlhaus.abuse.ch/url/2719389/; classtype:trojan-activity;sid:83582489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717631)"; flow:established,from_client; content:"GET"; http_method; content:"/112s"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717631/; classtype:trojan-activity;sid:83580731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714956)"; flow:established,from_client; content:"GET"; http_method; content:"/112"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714956/; classtype:trojan-activity;sid:83578056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.82.211.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713178/; classtype:trojan-activity;sid:83576278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2712484)"; flow:established,from_client; content:"GET"; http_method; content:"/test/test.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pouya.blob.core.windows.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_19; reference:url, urlhaus.abuse.ch/url/2712484/; classtype:trojan-activity;sid:83575584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2705989)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.94.9.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_08_21; reference:url, urlhaus.abuse.ch/url/2705989/; classtype:trojan-activity;sid:83569089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2705628)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.68.161.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_20; reference:url, urlhaus.abuse.ch/url/2705628/; classtype:trojan-activity;sid:83568728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2703301)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentytwenty/html.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"fetchdesignprint.co.za"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_08_09; reference:url, urlhaus.abuse.ch/url/2703301/; classtype:trojan-activity;sid:83566401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2699237)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.135.142.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_05; reference:url, urlhaus.abuse.ch/url/2699237/; classtype:trojan-activity;sid:83562337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2698184)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"z.shavsl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_08_04; reference:url, urlhaus.abuse.ch/url/2698184/; classtype:trojan-activity;sid:83561284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2695319)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.214.56.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_01; reference:url, urlhaus.abuse.ch/url/2695319/; classtype:trojan-activity;sid:83558419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2693150)"; flow:established,from_client; content:"GET"; http_method; content:"/housenetshare.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"stdown.dinju.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_31; reference:url, urlhaus.abuse.ch/url/2693150/; classtype:trojan-activity;sid:83556250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2684828)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.100.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_18; reference:url, urlhaus.abuse.ch/url/2684828/; classtype:trojan-activity;sid:83547928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678477)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.234.203.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678477/; classtype:trojan-activity;sid:83541577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676880)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/id3/qmydsnl.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"lostheaven.com.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2676880/; classtype:trojan-activity;sid:83539980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676879)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/id3/apctntoca.bmp"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"lostheaven.com.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2676879/; classtype:trojan-activity;sid:83539979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2675524)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_07_02; reference:url, urlhaus.abuse.ch/url/2675524/; classtype:trojan-activity;sid:83538624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661661)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661661/; classtype:trojan-activity;sid:83524761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661657)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661657/; classtype:trojan-activity;sid:83524757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661658)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661658/; classtype:trojan-activity;sid:83524758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661659)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661659/; classtype:trojan-activity;sid:83524759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661660)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661660/; classtype:trojan-activity;sid:83524760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661653)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661653/; classtype:trojan-activity;sid:83524753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661654)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661654/; classtype:trojan-activity;sid:83524754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661655)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661655/; classtype:trojan-activity;sid:83524755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661656)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661656/; classtype:trojan-activity;sid:83524756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2637944)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.38.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_05_21; reference:url, urlhaus.abuse.ch/url/2637944/; classtype:trojan-activity;sid:83501044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2618340)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_26; reference:url, urlhaus.abuse.ch/url/2618340/; classtype:trojan-activity;sid:83481440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615901)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.59.133.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_22; reference:url, urlhaus.abuse.ch/url/2615901/; classtype:trojan-activity;sid:83479001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615314)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615314/; classtype:trojan-activity;sid:83478414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615296)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.195.141.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615296/; classtype:trojan-activity;sid:83478396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615287/; classtype:trojan-activity;sid:83478387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615283)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.65.45.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615283/; classtype:trojan-activity;sid:83478383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.93.41.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615280/; classtype:trojan-activity;sid:83478380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.81.127.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615262/; classtype:trojan-activity;sid:83478362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615260)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.22.237.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615260/; classtype:trojan-activity;sid:83478360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615259)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.20.122.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615259/; classtype:trojan-activity;sid:83478359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615258)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.153.20.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615258/; classtype:trojan-activity;sid:83478358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2598926)"; flow:established,from_client; content:"GET"; http_method; content:"/4afziyfqzm/afziyfqzm/downloads/new_kiddions.rar"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_05; reference:url, urlhaus.abuse.ch/url/2598926/; classtype:trojan-activity;sid:83462026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2581006)"; flow:established,from_client; content:"GET"; http_method; content:"/salatikochen/salatapps/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2581006/; classtype:trojan-activity;sid:83444106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2562937)"; flow:established,from_client; content:"GET"; http_method; content:"/b512c9bf0b/rnlgmamvrrbyey3nzb/"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"ns1.koleso.tc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_08; reference:url, urlhaus.abuse.ch/url/2562937/; classtype:trojan-activity;sid:83426037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2545788)"; flow:established,from_client; content:"GET"; http_method; content:"/tedburke/commandcam/archive/refs/heads/master.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_20; reference:url, urlhaus.abuse.ch/url/2545788/; classtype:trojan-activity;sid:83408888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2540034)"; flow:established,from_client; content:"GET"; http_method; content:"/unlockteame/unlimited/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540034/; classtype:trojan-activity;sid:83403134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530828)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_05; reference:url, urlhaus.abuse.ch/url/2530828/; classtype:trojan-activity;sid:83393928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517803)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_25; reference:url, urlhaus.abuse.ch/url/2517803/; classtype:trojan-activity;sid:83380903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517462)"; flow:established,from_client; content:"GET"; http_method; content:"/kb824105-x86-enu.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"microsecurityupdate.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517462/; classtype:trojan-activity;sid:83380562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517273)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517273/; classtype:trojan-activity;sid:83380373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517268)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517268/; classtype:trojan-activity;sid:83380368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2513697)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_20; reference:url, urlhaus.abuse.ch/url/2513697/; classtype:trojan-activity;sid:83376797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2513699)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_20; reference:url, urlhaus.abuse.ch/url/2513699/; classtype:trojan-activity;sid:83376799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2504339)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/89wkr/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"coadymarine.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_01_11; reference:url, urlhaus.abuse.ch/url/2504339/; classtype:trojan-activity;sid:83367439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2466408)"; flow:established,from_client; content:"GET"; http_method; content:"/sys.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.38.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_12_16; reference:url, urlhaus.abuse.ch/url/2466408/; classtype:trojan-activity;sid:83329508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2441027)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/idr/v3/pub/idrb5event.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"update.itopvpn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_12_01; reference:url, urlhaus.abuse.ch/url/2441027/; classtype:trojan-activity;sid:83304127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440082)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440082/; classtype:trojan-activity;sid:83303182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440081)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440081/; classtype:trojan-activity;sid:83303181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2423598)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_11_17; reference:url, urlhaus.abuse.ch/url/2423598/; classtype:trojan-activity;sid:83286698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414734)"; flow:established,from_client; content:"GET"; http_method; content:"/core"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnom.sante.gov.ml"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414734/; classtype:trojan-activity;sid:83277834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414733)"; flow:established,from_client; content:"GET"; http_method; content:"/12"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cnom.sante.gov.ml"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414733/; classtype:trojan-activity;sid:83277833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408069)"; flow:established,from_client; content:"GET"; http_method; content:"/analytics/zy5ntk/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fromthetrenchesworldreport.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2408069/; classtype:trojan-activity;sid:83271169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2407720)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/eaeuutop/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.globallaborsupply.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2407720/; classtype:trojan-activity;sid:83270820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2403434)"; flow:established,from_client; content:"GET"; http_method; content:"/down/fw/fw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_07; reference:url, urlhaus.abuse.ch/url/2403434/; classtype:trojan-activity;sid:83266534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2301947)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.201.176.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_13; reference:url, urlhaus.abuse.ch/url/2301947/; classtype:trojan-activity;sid:83165047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2296313)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_07; reference:url, urlhaus.abuse.ch/url/2296313/; classtype:trojan-activity;sid:83159413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2267284)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.38.24.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_06; reference:url, urlhaus.abuse.ch/url/2267284/; classtype:trojan-activity;sid:83130384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2261300)"; flow:established,from_client; content:"GET"; http_method; content:"/opencart/system/library/cache/.cache/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"www.maxmoney.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_07_26; reference:url, urlhaus.abuse.ch/url/2261300/; classtype:trojan-activity;sid:83124400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2260566)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.65.205.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_07_24; reference:url, urlhaus.abuse.ch/url/2260566/; classtype:trojan-activity;sid:83123666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2252574)"; flow:established,from_client; content:"GET"; http_method; content:"/updates1/up.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1717.1000uc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_30; reference:url, urlhaus.abuse.ch/url/2252574/; classtype:trojan-activity;sid:83115674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250831)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.205.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_27; reference:url, urlhaus.abuse.ch/url/2250831/; classtype:trojan-activity;sid:83113931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2246119)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.169.235.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_20; reference:url, urlhaus.abuse.ch/url/2246119/; classtype:trojan-activity;sid:83109219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237418)"; flow:established,from_client; content:"GET"; http_method; content:"/system/gbh/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"airhobi.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237418/; classtype:trojan-activity;sid:83100518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2236625)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sm02zsvdywdotb7rql/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"dhnconstrucciones.com.ar"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_13; reference:url, urlhaus.abuse.ch/url/2236625/; classtype:trojan-activity;sid:83099725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2233031)"; flow:established,from_client; content:"GET"; http_method; content:"/.l/pty4|3f|ddos"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"106.246.224.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_10; reference:url, urlhaus.abuse.ch/url/2233031/; classtype:trojan-activity;sid:83096131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2230406)"; flow:established,from_client; content:"GET"; http_method; content:"/down/newsales/adm_atu.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"palharesinformatica.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_08; reference:url, urlhaus.abuse.ch/url/2230406/; classtype:trojan-activity;sid:83093506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2227709)"; flow:established,from_client; content:"GET"; http_method; content:"/img/rm0xpx/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jobcity.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_06; reference:url, urlhaus.abuse.ch/url/2227709/; classtype:trojan-activity;sid:83090809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2218862)"; flow:established,from_client; content:"GET"; http_method; content:"/accesorios/plg/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tecni-soft.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_05_31; reference:url, urlhaus.abuse.ch/url/2218862/; classtype:trojan-activity;sid:83081962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2211781)"; flow:established,from_client; content:"GET"; http_method; content:"/accesorios/xqp/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tecni-soft.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_05_26; reference:url, urlhaus.abuse.ch/url/2211781/; classtype:trojan-activity;sid:83074881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2192744)"; flow:established,from_client; content:"GET"; http_method; content:"/crt/xe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pns.org.pk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_05_13; reference:url, urlhaus.abuse.ch/url/2192744/; classtype:trojan-activity;sid:83055844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2191248)"; flow:established,from_client; content:"GET"; http_method; content:"/application/phebceg4tx/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.ingonherbal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_05_12; reference:url, urlhaus.abuse.ch/url/2191248/; classtype:trojan-activity;sid:83054348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2150451)"; flow:established,from_client; content:"GET"; http_method; content:"/.vi"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.216.133.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_04_16; reference:url, urlhaus.abuse.ch/url/2150451/; classtype:trojan-activity;sid:83013551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2143816)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/server.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"linkvilleplayers.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_04_12; reference:url, urlhaus.abuse.ch/url/2143816/; classtype:trojan-activity;sid:83006916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2134110)"; flow:established,from_client; content:"GET"; http_method; content:"/0011b9cd240249c3aeb520ea1205eaf1.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zhengxinpeixun.oss-cn-qingdao.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_04_06; reference:url, urlhaus.abuse.ch/url/2134110/; classtype:trojan-activity;sid:82997210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2124302)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.10.0/xmrig-6.10.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_03_31; reference:url, urlhaus.abuse.ch/url/2124302/; classtype:trojan-activity;sid:82987402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2120576)"; flow:established,from_client; content:"GET"; http_method; content:"/64prpldhbugztyb2zl/xjvfxpux7xeopwtqsq2/|3f|i=1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"www.chemsky.tn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2120576/; classtype:trojan-activity;sid:82983676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2120577)"; flow:established,from_client; content:"GET"; http_method; content:"/64prpldhbugztyb2zl/xjvfxpux7xeopwtqsq2/"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.chemsky.tn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2120577/; classtype:trojan-activity;sid:82983677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2113865)"; flow:established,from_client; content:"GET"; http_method; content:"/.l/pty3|3f|ddos"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"106.246.224.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_24; reference:url, urlhaus.abuse.ch/url/2113865/; classtype:trojan-activity;sid:82976965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086600)"; flow:established,from_client; content:"GET"; http_method; content:"/logfiles/u2o/"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.25.223.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086600/; classtype:trojan-activity;sid:82949700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086476)"; flow:established,from_client; content:"GET"; http_method; content:"/.l/pty4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"106.246.224.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086476/; classtype:trojan-activity;sid:82949576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086449)"; flow:established,from_client; content:"GET"; http_method; content:"/.l/pty3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"106.246.224.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086449/; classtype:trojan-activity;sid:82949549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gvnzexvvs3vpv0-ihflwnmzmhij3qqly"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086235/; classtype:trojan-activity;sid:82949335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2076705)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.158.95.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_04; reference:url, urlhaus.abuse.ch/url/2076705/; classtype:trojan-activity;sid:82939805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2066122)"; flow:established,from_client; content:"GET"; http_method; content:"/images/vin1.jpg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"namthaibinh.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_02_28; reference:url, urlhaus.abuse.ch/url/2066122/; classtype:trojan-activity;sid:82929222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2051389)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.142.114.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_21; reference:url, urlhaus.abuse.ch/url/2051389/; classtype:trojan-activity;sid:82914489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2048755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_19; reference:url, urlhaus.abuse.ch/url/2048755/; classtype:trojan-activity;sid:82911855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2043048)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_14; reference:url, urlhaus.abuse.ch/url/2043048/; classtype:trojan-activity;sid:82906148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1996626)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.92.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_21; reference:url, urlhaus.abuse.ch/url/1996626/; classtype:trojan-activity;sid:82859726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1988943)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh|3f|le0943_http"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.145.227.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_19; reference:url, urlhaus.abuse.ch/url/1988943/; classtype:trojan-activity;sid:82852043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1915365)"; flow:established,from_client; content:"GET"; http_method; content:"/5j1ae/apmyyqsc6q3p5y/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"aosafrica.co.za"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_23; reference:url, urlhaus.abuse.ch/url/1915365/; classtype:trojan-activity;sid:82778465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1887133)"; flow:established,from_client; content:"GET"; http_method; content:"/autokey/update/autokey.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"api.52kkg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1887133/; classtype:trojan-activity;sid:82750233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1761107)"; flow:established,from_client; content:"GET"; http_method; content:"/svr_netchecker/server.asp|3f|v_command=3002|7c|26|7c|v_progname=sjptmanagerlauncher.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"server.toeicswt.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_11_07; reference:url, urlhaus.abuse.ch/url/1761107/; classtype:trojan-activity;sid:82624207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1657096)"; flow:established,from_client; content:"GET"; http_method; content:"/update/ana/update.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.teknoarge.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1657096/; classtype:trojan-activity;sid:82520196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1653848)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/23s"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.51.121.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_10_04; reference:url, urlhaus.abuse.ch/url/1653848/; classtype:trojan-activity;sid:82516948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1653849)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/23"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"101.51.121.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_10_04; reference:url, urlhaus.abuse.ch/url/1653849/; classtype:trojan-activity;sid:82516949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1647561)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12ma_yvbmprts6e_vkfnmwikrnwsarqbw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_29; reference:url, urlhaus.abuse.ch/url/1647561/; classtype:trojan-activity;sid:82510661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1624890)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o9jg3oqyewncoptigwscdbtfmvtfqygj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_16; reference:url, urlhaus.abuse.ch/url/1624890/; classtype:trojan-activity;sid:82487990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1577204)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.170.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_30; reference:url, urlhaus.abuse.ch/url/1577204/; classtype:trojan-activity;sid:82440304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1560761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/safmanager/safman_setup.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.saf-oil.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_24; reference:url, urlhaus.abuse.ch/url/1560761/; classtype:trojan-activity;sid:82423861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1539372)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.120.211.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_16; reference:url, urlhaus.abuse.ch/url/1539372/; classtype:trojan-activity;sid:82402472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1506064)"; flow:established,from_client; content:"GET"; http_method; content:"/ortakmodul/nbys%20asm.net.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"files5.uludagbilisim.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2021_08_04; reference:url, urlhaus.abuse.ch/url/1506064/; classtype:trojan-activity;sid:82369164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1506027)"; flow:established,from_client; content:"GET"; http_method; content:"/nbys.aspx|3f|f=aile_hekimligi/nbys%20ah.net.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"files5.uludagbilisim.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2021_08_04; reference:url, urlhaus.abuse.ch/url/1506027/; classtype:trojan-activity;sid:82369127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1497688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_01; reference:url, urlhaus.abuse.ch/url/1497688/; classtype:trojan-activity;sid:82360788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1469946)"; flow:established,from_client; content:"GET"; http_method; content:"/hajime"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1469946/; classtype:trojan-activity;sid:82333046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1459190)"; flow:established,from_client; content:"GET"; http_method; content:"/cliopmq/cluton.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"protechasia.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_16; reference:url, urlhaus.abuse.ch/url/1459190/; classtype:trojan-activity;sid:82322290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1434520)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_07; reference:url, urlhaus.abuse.ch/url/1434520/; classtype:trojan-activity;sid:82297620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422022)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1n8_s6gijerearczwh74blkygodig64eo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422022/; classtype:trojan-activity;sid:82285122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422010)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yfqtugahqhqrulwugdekeavffktsl8ci"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422010/; classtype:trojan-activity;sid:82285110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1402229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_26; reference:url, urlhaus.abuse.ch/url/1402229/; classtype:trojan-activity;sid:82265329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1393270)"; flow:established,from_client; content:"GET"; http_method; content:"/downfile.asp|3f|sid=276663/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.ysbaojia.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_24; reference:url, urlhaus.abuse.ch/url/1393270/; classtype:trojan-activity;sid:82256370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1391235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sbd1rnw8luztjmsh6gdlzupvyupbopa0|7c|26|7c|revid=0b3yyjts_woklr2vnyxvqohlidxbxn1l2wwjntxfnwvi5v0h3pq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_23; reference:url, urlhaus.abuse.ch/url/1391235/; classtype:trojan-activity;sid:82254335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1378480)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ctmywlj5wouiug1wgizy3ke7yj1u0yor|7c|26|7c|revid=0b_t0-zked1mgagxwmxcwywq5q0q1uk1uoxcwaup6l2ovmtdjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_19; reference:url, urlhaus.abuse.ch/url/1378480/; classtype:trojan-activity;sid:82241580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1372338)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1alq8r5tnr6wwiftqa3l6d9fymv7y0g9m"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_17; reference:url, urlhaus.abuse.ch/url/1372338/; classtype:trojan-activity;sid:82235438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1352974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_06_11; reference:url, urlhaus.abuse.ch/url/1352974/; classtype:trojan-activity;sid:82216074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350517)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tilqozot07vylvdmmsfs7ia452jwhktj|7c|26|7c|revid=0b7gsmqzks4xkcdjcwhuvatj2qvlvchnmnnovu2ldzstek2jzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350517/; classtype:trojan-activity;sid:82213617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1348672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1etpmpb2shvuny5dxj5awfpxklxqpbzgx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1348672/; classtype:trojan-activity;sid:82211772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1331376)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b6t1mjnjcvndcy-mdqq0neqrbocqyju4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_06; reference:url, urlhaus.abuse.ch/url/1331376/; classtype:trojan-activity;sid:82194476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1327898)"; flow:established,from_client; content:"GET"; http_method; content:"/inst77player/inst77player_1.0.0.1.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl.360tpcdn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_06_05; reference:url, urlhaus.abuse.ch/url/1327898/; classtype:trojan-activity;sid:82190998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1319551)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nw1gmzg6lwtuhs0tte969xcfpp9_dc5q"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_03; reference:url, urlhaus.abuse.ch/url/1319551/; classtype:trojan-activity;sid:82182651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237693)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1z7qhwcozjwehksdhw-yuivac2jzwjqia"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237693/; classtype:trojan-activity;sid:82100793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237690)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1m8jszvq-ztfrul7vgsb6q-n3ftgnkbdj|7c|26|7c|revid=0bxrhybf9__wnmgjlnmxmunzznlu0v204azc4edmzcep6a0hzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237690/; classtype:trojan-activity;sid:82100790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1233306)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv_nk9llqw4fxudo-khja7nuuj1kevvw|7c|26|7c|revid=0b7zefp-g6n7vm0zhowo4be9pvus4mmh0ymxvd3r6zlu3ylznpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_14; reference:url, urlhaus.abuse.ch/url/1233306/; classtype:trojan-activity;sid:82096406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228961)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1a7jwdzayvxw_d3cgv_n7tjf4sty3ufor|7c|26|7c|export=download"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228961/; classtype:trojan-activity;sid:82092061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1223122)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.38.241.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_12; reference:url, urlhaus.abuse.ch/url/1223122/; classtype:trojan-activity;sid:82086222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1220349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1h_dyp_d5lst4akyf2qezxl7j1scvbtvs|7c|26|7c|revid=0b5thckui5i0mdk5moelbnm9vuhnydvjnvwpyq01vrg5xvwhrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_11; reference:url, urlhaus.abuse.ch/url/1220349/; classtype:trojan-activity;sid:82083449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1199812)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uygnpwzzyzn2rodsrimg0-sloxy_letg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1199812/; classtype:trojan-activity;sid:82062912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1184754)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygn4gkmy9musdp_lgnpyjjh6rskt39vp|7c|26|7c|revid=0b8rbgp2bpeofmk5ta3n3mgjtefbzdevwtk5wwhpjd3yruejjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_30; reference:url, urlhaus.abuse.ch/url/1184754/; classtype:trojan-activity;sid:82047854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181763)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mep5euraznm5lmjsb2cuzgf1bs5uzxq6l0lnqudflzavns5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8.exe"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"cfs9.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181763/; classtype:trojan-activity;sid:82044863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%bf%c0%b7%f9%c7%d8%b0%e1%c7%cf%b1%e2.exe"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181758/; classtype:trojan-activity;sid:82044858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181756)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mdczafhaznmxmc5ibg9nlmrhdw0ubmv0oi9jtufhrs8wlzkwlmv4zq==|7c|26|7c|filename=xp_sp3_%ed%85%8c%eb%a7%88%ed%8c%a8%ec%b9%98.exe"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"cfs10.blog.daum.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181756/; classtype:trojan-activity;sid:82044856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181754)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%d8%b0%ef%bf%bd%ef%bf%bd%cf%b1%ef%bf%bd.exe"; http_uri; depth:232; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181754/; classtype:trojan-activity;sid:82044854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181755)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=metnwe5aznm3lmjsb2cuzgf1bs5uzxq6l0lnqudflzavmc5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe/%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe"; http_uri; depth:303; isdataat:!1,relative; nocase; content:"cfs7.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181755/; classtype:trojan-activity;sid:82044855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1167210)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.145.227.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_04_25; reference:url, urlhaus.abuse.ch/url/1167210/; classtype:trojan-activity;sid:82030310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1152444)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jpl-uouydm5hypqm67uokyddrblbpxvw|7c|26|7c|revid=0b7zpiprmoc5ubhpwclq0cxdyte5vwtrbymnidznhtgm3bzvrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_22; reference:url, urlhaus.abuse.ch/url/1152444/; classtype:trojan-activity;sid:82015544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1091105)"; flow:established,from_client; content:"GET"; http_method; content:"/r6x7x6rf.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"travelwithmanta.co.za"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_03_25; reference:url, urlhaus.abuse.ch/url/1091105/; classtype:trojan-activity;sid:81954205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1090482)"; flow:established,from_client; content:"GET"; http_method; content:"/r6x7x6rf.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"travelwithmanta.co.za"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_03_25; reference:url, urlhaus.abuse.ch/url/1090482/; classtype:trojan-activity;sid:81953582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1061608)"; flow:established,from_client; content:"GET"; http_method; content:"/dos/nemesy13.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dl.packetstormsecurity.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2021_03_11; reference:url, urlhaus.abuse.ch/url/1061608/; classtype:trojan-activity;sid:81924708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1040535)"; flow:established,from_client; content:"GET"; http_method; content:"/agha25.tar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"spaceframe.mobi.space-frame.co.za"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2021_03_01; reference:url, urlhaus.abuse.ch/url/1040535/; classtype:trojan-activity;sid:81903635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1009349)"; flow:established,from_client; content:"GET"; http_method; content:"/2017/06/radbxnzdxbd.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"360down7.miiyun.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_14; reference:url, urlhaus.abuse.ch/url/1009349/; classtype:trojan-activity;sid:81872449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995049)"; flow:established,from_client; content:"GET"; http_method; content:"/txs9e9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"buscascolegios.diit.cl"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995049/; classtype:trojan-activity;sid:81858149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995040)"; flow:established,from_client; content:"GET"; http_method; content:"/txs9e9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"buscascolegios.diit.cl"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995040/; classtype:trojan-activity;sid:81858140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (986697)"; flow:established,from_client; content:"GET"; http_method; content:"/dcbl8fi.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"library.arihantmbainstitute.ac.in"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2021_02_01; reference:url, urlhaus.abuse.ch/url/986697/; classtype:trojan-activity;sid:81849797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (957784)"; flow:established,from_client; content:"GET"; http_method; content:"/gamewd/yhdl.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.caihong.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_13; reference:url, urlhaus.abuse.ch/url/957784/; classtype:trojan-activity;sid:81820884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (946607)"; flow:established,from_client; content:"GET"; http_method; content:"/css/wwyxh5cctn/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_01; reference:url, urlhaus.abuse.ch/url/946607/; classtype:trojan-activity;sid:81809707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (936427)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bxjesdj7w3meuh7iatiurbsgh/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/936427/; classtype:trojan-activity;sid:81799527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (935625)"; flow:established,from_client; content:"GET"; http_method; content:"/u0eukz.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"abissnet.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/935625/; classtype:trojan-activity;sid:81798725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (788214)"; flow:established,from_client; content:"GET"; http_method; content:"/v2x2vexx.jpg"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"yzkzixun.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_11_05; reference:url, urlhaus.abuse.ch/url/788214/; classtype:trojan-activity;sid:81651314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (754857)"; flow:established,from_client; content:"GET"; http_method; content:"/gfl7i3kp.rar"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"karer.by"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/754857/; classtype:trojan-activity;sid:81617957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723755)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/ci6p05scnuonqslqmehm/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723755/; classtype:trojan-activity;sid:81586855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723711)"; flow:established,from_client; content:"GET"; http_method; content:"/css/attachments/"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723711/; classtype:trojan-activity;sid:81586811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (637433)"; flow:established,from_client; content:"GET"; http_method; content:"/paetools.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"soft.110route.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_01; reference:url, urlhaus.abuse.ch/url/637433/; classtype:trojan-activity;sid:81500533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (611407)"; flow:established,from_client; content:"GET"; http_method; content:"/css/3u/"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_25; reference:url, urlhaus.abuse.ch/url/611407/; classtype:trojan-activity;sid:81474507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (554647)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/x7z9wbk77tt6v9/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/554647/; classtype:trojan-activity;sid:81417747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (552113)"; flow:established,from_client; content:"GET"; http_method; content:"/css/llc/fa1torcvwmvsw1ioua/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/552113/; classtype:trojan-activity;sid:81415213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (490516)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack1226.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_14; reference:url, urlhaus.abuse.ch/url/490516/; classtype:trojan-activity;sid:81353616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (444932)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/document/81828115/bkxjh/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"hr2019.vrcom7.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_27; reference:url, urlhaus.abuse.ch/url/444932/; classtype:trojan-activity;sid:81308032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439389)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439389/; classtype:trojan-activity;sid:81302489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438705)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/file/21mnqlvi/oz88535657v7rbazasyth9x8i/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438705/; classtype:trojan-activity;sid:81301805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438621)"; flow:established,from_client; content:"GET"; http_method; content:"/css/statement/sv8ah2oz31fj/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438621/; classtype:trojan-activity;sid:81301721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436727)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436727/; classtype:trojan-activity;sid:81299827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434592)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434592/; classtype:trojan-activity;sid:81297692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434320)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434320/; classtype:trojan-activity;sid:81297420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432815)"; flow:established,from_client; content:"GET"; http_method; content:"/css/doc/kbc9dts71991684654644570io07lx5tws9zd0q/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/432815/; classtype:trojan-activity;sid:81295915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432117)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/432117/; classtype:trojan-activity;sid:81295217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (431601)"; flow:established,from_client; content:"GET"; http_method; content:"/homegrownorlando.com/scan/5k2b2y4/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"exilum.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/431601/; classtype:trojan-activity;sid:81294701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429864)"; flow:established,from_client; content:"GET"; http_method; content:"/css/fqcfrfvwflt3/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_12; reference:url, urlhaus.abuse.ch/url/429864/; classtype:trojan-activity;sid:81292964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427195)"; flow:established,from_client; content:"GET"; http_method; content:"/homegrownorlando.com/closed-section/additional-area/740331365-r4cxbyqtk/"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"exilum.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427195/; classtype:trojan-activity;sid:81290295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427189)"; flow:established,from_client; content:"GET"; http_method; content:"/css/private_module/test_cloud/z3gjv_w4zyu545ts846/"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427189/; classtype:trojan-activity;sid:81290289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426390)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/open-0627720493640-azq24pffjrm/guarded-space/gxkx9t42ra6yf-6x7uyx330389w/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426390/; classtype:trojan-activity;sid:81289490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422458)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice/aog-3515110/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"lindnerelektroanlagen.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422458/; classtype:trojan-activity;sid:81285558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421897)"; flow:established,from_client; content:"GET"; http_method; content:"/css/reporting/po3x708837819192166196fun7k976gnpv/"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421897/; classtype:trojan-activity;sid:81284997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (420521)"; flow:established,from_client; content:"GET"; http_method; content:"/css/parts_service/ly944myw/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"hitstation.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_28; reference:url, urlhaus.abuse.ch/url/420521/; classtype:trojan-activity;sid:81283621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (419853)"; flow:established,from_client; content:"GET"; http_method; content:"/homegrownorlando.com/djsv1tay8/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"exilum.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_27; reference:url, urlhaus.abuse.ch/url/419853/; classtype:trojan-activity;sid:81282953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (363653)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.38.241.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_16; reference:url, urlhaus.abuse.ch/url/363653/; classtype:trojan-activity;sid:81226753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzzcxmzyyqgzzns50axn0b3j5lmnvbtovyxr0ywnolzavmtqwmdawmdawmdawlmv4zq%3d%3d|7c|26|7c|filename=crack-pro20.exe"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"cfs5.tistory.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_08; reference:url, urlhaus.abuse.ch/url/322758/; classtype:trojan-activity;sid:81185858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322467)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1/jet.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322467/; classtype:trojan-activity;sid:81185567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322465)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1/sunset1.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322465/; classtype:trojan-activity;sid:81185565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322462)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1/smell-the-roses.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322462/; classtype:trojan-activity;sid:81185562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318948)"; flow:established,from_client; content:"GET"; http_method; content:"/fuzzbunch/fuzzbunch/master/payloads/doublepulsar-1.3.1.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318948/; classtype:trojan-activity;sid:81182048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (242568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_10; reference:url, urlhaus.abuse.ch/url/242568/; classtype:trojan-activity;sid:81105668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240426)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240426/; classtype:trojan-activity;sid:81103526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240237)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"216.183.54.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240237/; classtype:trojan-activity;sid:81103337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240036)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240036/; classtype:trojan-activity;sid:81103136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239977)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.178.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/239977/; classtype:trojan-activity;sid:81103077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239019)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_06; reference:url, urlhaus.abuse.ch/url/239019/; classtype:trojan-activity;sid:81102119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (238127)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.248.58.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/238127/; classtype:trojan-activity;sid:81101227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (237970)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.11.75.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/237970/; classtype:trojan-activity;sid:81101070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (237890)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/237890/; classtype:trojan-activity;sid:81100990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222979)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/thirdupload/5d3e8177e87cc.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"src1.minibai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_07; reference:url, urlhaus.abuse.ch/url/222979/; classtype:trojan-activity;sid:81086079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217486)"; flow:established,from_client; content:"GET"; http_method; content:"/meteoradminz/hidden-tear/zip/master"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217486/; classtype:trojan-activity;sid:81080586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210023)"; flow:established,from_client; content:"GET"; http_method; content:"/opolis.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.opolis.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_18; reference:url, urlhaus.abuse.ch/url/210023/; classtype:trojan-activity;sid:81073123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203280)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.hseda.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_29; reference:url, urlhaus.abuse.ch/url/203280/; classtype:trojan-activity;sid:81066380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203157)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"hseda.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_28; reference:url, urlhaus.abuse.ch/url/203157/; classtype:trojan-activity;sid:81066257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (202114)"; flow:established,from_client; content:"GET"; http_method; content:"/screenmate/cute/sm1302.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.starcountry.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_26; reference:url, urlhaus.abuse.ch/url/202114/; classtype:trojan-activity;sid:81065214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (201893)"; flow:established,from_client; content:"GET"; http_method; content:"/products/siplast/_vti_cnf/_vti_cnf.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"unicorpbrunei.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_25; reference:url, urlhaus.abuse.ch/url/201893/; classtype:trojan-activity;sid:81064993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200800)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_asciiverter_v1.00/zke-ascv.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200800/; classtype:trojan-activity;sid:81063900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200798)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/12.2013/nrv-ppwr.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200798/; classtype:trojan-activity;sid:81063898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200771)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/rzr-winner_intro.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"chiptune.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200771/; classtype:trojan-activity;sid:81063871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200770)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_nfo_file_viewer_v1.00/zke-nfoview.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200770/; classtype:trojan-activity;sid:81063870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197801)"; flow:established,from_client; content:"GET"; http_method; content:"/hao123-soft-online-bcs/soft/d/2014-06-12_djylh.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"download.skycn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197801/; classtype:trojan-activity;sid:81060901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197800)"; flow:established,from_client; content:"GET"; http_method; content:"/hao123-soft-online-bcs/soft/p/pocketrar350sc.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"download.skycn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197800/; classtype:trojan-activity;sid:81060900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (195911)"; flow:established,from_client; content:"GET"; http_method; content:"/soft_hair/pcsupport.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"support.clz.kr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_14; reference:url, urlhaus.abuse.ch/url/195911/; classtype:trojan-activity;sid:81059011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (175859)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/swfupload/css/inf.inf"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"meeweb.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_04_11; reference:url, urlhaus.abuse.ch/url/175859/; classtype:trojan-activity;sid:81038959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170262)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/3"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170262/; classtype:trojan-activity;sid:81033362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170261)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/2"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170261/; classtype:trojan-activity;sid:81033361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170260)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170260/; classtype:trojan-activity;sid:81033360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (121029)"; flow:established,from_client; content:"GET"; http_method; content:"/active/pcclear_eng_mini.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"down.pcclear.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_10; reference:url, urlhaus.abuse.ch/url/121029/; classtype:trojan-activity;sid:80984129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (101043)"; flow:established,from_client; content:"GET"; http_method; content:"/employeemasterimages/qace.jpg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"livetrack.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_01_02; reference:url, urlhaus.abuse.ch/url/101043/; classtype:trojan-activity;sid:80964143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96791)"; flow:established,from_client; content:"GET"; http_method; content:"/gvhr-mmj5u8zn2kc5aoq_nkxhprvvh-t9/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"aulist.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2018_12_18; reference:url, urlhaus.abuse.ch/url/96791/; classtype:trojan-activity;sid:80959891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94279)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/20140812/14078161556897.rar"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"static.3001.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94279/; classtype:trojan-activity;sid:80957379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91928)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-12/03/519808/4cf8bc6362f34.rar"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91928/; classtype:trojan-activity;sid:80955028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85967)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/rc1veeex.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85967/; classtype:trojan-activity;sid:80949067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85881)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/5fg9yjwr.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85881/; classtype:trojan-activity;sid:80948981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85879)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/a9to40e7.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85879/; classtype:trojan-activity;sid:80948979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85878)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/e6i8pdc0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85878/; classtype:trojan-activity;sid:80948978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85877)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-07/28/117228/4wtjdjio.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85877/; classtype:trojan-activity;sid:80948977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85876)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/zwy1q6k0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85876/; classtype:trojan-activity;sid:80948976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85874)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/06/98428/07c9mfhe.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85874/; classtype:trojan-activity;sid:80948974; rev:1;) # Number of entries: 18941