################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2019-11-21 12:45:02 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fyee/payment_invoice_delivery.exe"; http_uri; depth:34; isdataat:!1,relative; content:"217.73.60.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256389/; classtype:trojan-activity;sid:81119489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/mejfkdilp.doc"; http_uri; depth:22; isdataat:!1,relative; content:"uploadvirus.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256388/; classtype:trojan-activity;sid:81119488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/zevckter.exe"; http_uri; depth:21; isdataat:!1,relative; content:"uploadvirus.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256387/; classtype:trojan-activity;sid:81119487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y4mk5id-cmat2mcjoewt5j7hcu6jy-msq0mveok_ndcpcfzhkwqa1hkdv1uqzprcg6guif2h9r-calub6lq0sny1ydzpc6bskohzpp8gses9dt-eskxtjn3cd8bj8sclgpwkk5m6gkybqp5cmvd2le0o_9ensqrrjru-wpzm8znfxc/20161120_xt101.docxdownload|26|psid=1"; http_uri; depth:213; isdataat:!1,relative; content:"wqkksa.bn.files.1drv.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256386/; classtype:trojan-activity;sid:81119486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ss2r8n7/614199/"; http_uri; depth:16; isdataat:!1,relative; content:"apotecbay.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256383/; classtype:trojan-activity;sid:81119483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yawi6/fjr46/"; http_uri; depth:13; isdataat:!1,relative; content:"mentzo.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256382/; classtype:trojan-activity;sid:81119482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/az16/"; http_uri; depth:14; isdataat:!1,relative; content:"www.danareese.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256381/; classtype:trojan-activity;sid:81119481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/d5l05499/"; http_uri; depth:22; isdataat:!1,relative; content:"fedeminersdigital.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256380/; classtype:trojan-activity;sid:81119480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/larryz/larryz.exe"; http_uri; depth:18; isdataat:!1,relative; content:"dubem.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256379/; classtype:trojan-activity;sid:81119479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/5km2g163/"; http_uri; depth:22; isdataat:!1,relative; content:"kodmuje.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256378/; classtype:trojan-activity;sid:81119478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/penelop/5.exe"; http_uri; depth:20; isdataat:!1,relative; content:"ring2.ug"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256377/; classtype:trojan-activity;sid:81119477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/cost/5.exe"; http_uri; depth:17; isdataat:!1,relative; content:"ring2.ug"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256376/; classtype:trojan-activity;sid:81119476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=afd3942afe1dac11|26|resid=afd3942afe1dac11!144|26|authkey=aavunep5jem4_9w"; http_uri; depth:86; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256375/; classtype:trojan-activity;sid:81119475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pytosj2jd/0nc76zs40663/"; http_uri; depth:24; isdataat:!1,relative; content:"iruainvestments.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256374/; classtype:trojan-activity;sid:81119474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pytosj2jd/2re2j5773/"; http_uri; depth:21; isdataat:!1,relative; content:"jaafarattar.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256373/; classtype:trojan-activity;sid:81119473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pytosj2jd/v9s7ze3/"; http_uri; depth:19; isdataat:!1,relative; content:"www.enegix.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256372/; classtype:trojan-activity;sid:81119472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/cmdz7/"; http_uri; depth:18; isdataat:!1,relative; content:"monitoring.bactrack.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256371/; classtype:trojan-activity;sid:81119471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/k3s20753/"; http_uri; depth:19; isdataat:!1,relative; content:"www.jameslotz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256369/; classtype:trojan-activity;sid:81119469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8y6ghhfg"; http_uri; depth:9; isdataat:!1,relative; content:"www.accessyouraudience.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256367/; classtype:trojan-activity;sid:81119467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-content/plugins/ubh/mee/mecry.exe"; http_uri; depth:47; isdataat:!1,relative; content:"jobokutokel.jeparakab.go.id"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256366/; classtype:trojan-activity;sid:81119466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/asdferhfjh.bin"; http_uri; depth:15; isdataat:!1,relative; content:"ip-kaskad.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256364/; classtype:trojan-activity;sid:81119464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/csgoloader/azi.exe"; http_uri; depth:19; isdataat:!1,relative; content:"fbkw.tk"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256362/; classtype:trojan-activity;sid:81119462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/v1/auth_b486b5abfb004540a296ddee1b744f78/22141977/htbr10384.zip"; http_uri; depth:64; isdataat:!1,relative; content:"storage.bhs5.cloud.ovh.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256357/; classtype:trojan-activity;sid:81119457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/archivosadultos/wacatac_2019-11-20_19-54.exe"; http_uri; depth:45; isdataat:!1,relative; content:"webparroquia.es"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256356/; classtype:trojan-activity;sid:81119456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/bmjyrnqgp/"; http_uri; depth:19; isdataat:!1,relative; content:"kottur.mx"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256349/; classtype:trojan-activity;sid:81119449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ntdslsb/"; http_uri; depth:18; isdataat:!1,relative; content:"naosuke-ship.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256348/; classtype:trojan-activity;sid:81119448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/q768ism/o7k84dvpy-raegshn-72/"; http_uri; depth:30; isdataat:!1,relative; content:"mracessorios.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256347/; classtype:trojan-activity;sid:81119447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/9q6ty/"; http_uri; depth:15; isdataat:!1,relative; content:"www.eurobizconsulting.it"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256346/; classtype:trojan-activity;sid:81119446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/g1oi/"; http_uri; depth:14; isdataat:!1,relative; content:"scrapy999.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256344/; classtype:trojan-activity;sid:81119444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/7q/"; http_uri; depth:13; isdataat:!1,relative; content:"yummybox.uk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256343/; classtype:trojan-activity;sid:81119443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yjlsdsd/k3/"; http_uri; depth:12; isdataat:!1,relative; content:"handbookforfairygodmothers.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256342/; classtype:trojan-activity;sid:81119442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/connor.exe"; http_uri; depth:11; isdataat:!1,relative; content:"terminator.tk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256337/; classtype:trojan-activity;sid:81119437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files.zip"; http_uri; depth:10; isdataat:!1,relative; content:"45.147.228.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256336/; classtype:trojan-activity;sid:81119436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/az.exe"; http_uri; depth:7; isdataat:!1,relative; content:"45.147.228.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256335/; classtype:trojan-activity;sid:81119435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/44"; http_uri; depth:3; isdataat:!1,relative; content:"gigantic-friends.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256330/; classtype:trojan-activity;sid:81119430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/44"; http_uri; depth:3; isdataat:!1,relative; content:"7godzapparal.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256329/; classtype:trojan-activity;sid:81119429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/whiteloger.exe"; http_uri; depth:15; isdataat:!1,relative; content:"curly-yoron-0282.sunnyday.jp"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256319/; classtype:trojan-activity;sid:81119419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/my/808server.exe"; http_uri; depth:17; isdataat:!1,relative; content:"cdn.isoskycn.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256316/; classtype:trojan-activity;sid:81119416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1109.exe"; http_uri; depth:9; isdataat:!1,relative; content:"simpleshop.cn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256303/; classtype:trojan-activity;sid:81119403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vendor/doctrine/inflector/tests/fra.exe"; http_uri; depth:40; isdataat:!1,relative; content:"www.teorija.rs"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256302/; classtype:trojan-activity;sid:81119402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/storage/app/pov.exe"; http_uri; depth:20; isdataat:!1,relative; content:"www.teorija.rs"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256301/; classtype:trojan-activity;sid:81119401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/archivosadultos/wacatac_2019-11-21_02-59.exe"; http_uri; depth:45; isdataat:!1,relative; content:"webparroquia.es"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256300/; classtype:trojan-activity;sid:81119400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"59.21.111.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_21; reference:url, urlhaus.abuse.ch/url/256291/; classtype:trojan-activity;sid:81119391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/storage/app/whe.exe"; http_uri; depth:20; isdataat:!1,relative; content:"teorija.rs"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256290/; classtype:trojan-activity;sid:81119390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yoted.arm6"; http_uri; depth:11; isdataat:!1,relative; content:"194.76.225.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256289/; classtype:trojan-activity;sid:81119389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yoted.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"194.76.225.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256288/; classtype:trojan-activity;sid:81119388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-content/plugins/ubh/linkss/ehehehe.exe"; http_uri; depth:52; isdataat:!1,relative; content:"jobokutokel.jeparakab.go.id"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256287/; classtype:trojan-activity;sid:81119387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/office/vbc.exe"; http_uri; depth:15; isdataat:!1,relative; content:"pdfconverter.firewall-gateway.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256286/; classtype:trojan-activity;sid:81119386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/archivosadultos/wacatac_2019-11-20_23-34.exe"; http_uri; depth:45; isdataat:!1,relative; content:"webparroquia.es"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256284/; classtype:trojan-activity;sid:81119384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/qr/"; http_uri; depth:13; isdataat:!1,relative; content:"eoneprint.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256283/; classtype:trojan-activity;sid:81119383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/vmycwnos/"; http_uri; depth:21; isdataat:!1,relative; content:"press.thewatchbox.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256282/; classtype:trojan-activity;sid:81119382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/plcy4qz3/"; http_uri; depth:19; isdataat:!1,relative; content:"www.lidaautoparts.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256281/; classtype:trojan-activity;sid:81119381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2018/cpnwamrct/"; http_uri; depth:35; isdataat:!1,relative; content:"lc.slovgym.cz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256280/; classtype:trojan-activity;sid:81119380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/0x5q/"; http_uri; depth:18; isdataat:!1,relative; content:"telemielolab.dyrecta.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256278/; classtype:trojan-activity;sid:81119378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/chrome.exe"; http_uri; depth:15; isdataat:!1,relative; content:"subparkissing.co.za"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256276/; classtype:trojan-activity;sid:81119376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tt5xwve/gv44/"; http_uri; depth:14; isdataat:!1,relative; content:"edresources.sparc37.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256275/; classtype:trojan-activity;sid:81119375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/awowpc478/"; http_uri; depth:20; isdataat:!1,relative; content:"bitmainantminer.filmko.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256274/; classtype:trojan-activity;sid:81119374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zs5sc9s/w63ah50/"; http_uri; depth:17; isdataat:!1,relative; content:"www.hymlm.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256273/; classtype:trojan-activity;sid:81119373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/4b39y96286/"; http_uri; depth:22; isdataat:!1,relative; content:"www.hnqy1688.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256272/; classtype:trojan-activity;sid:81119372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/media/kgwm69w345/"; http_uri; depth:18; isdataat:!1,relative; content:"pulpafruit.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256271/; classtype:trojan-activity;sid:81119371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/fl04/"; http_uri; depth:15; isdataat:!1,relative; content:"nerkh.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256270/; classtype:trojan-activity;sid:81119370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/feed/tuu7498/"; http_uri; depth:14; isdataat:!1,relative; content:"rankingfactorytrialsite.stephenhenbie.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256269/; classtype:trojan-activity;sid:81119369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/7pzy05752/"; http_uri; depth:22; isdataat:!1,relative; content:"gregmakroulakis.dxagency.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256268/; classtype:trojan-activity;sid:81119368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ou05/1nv828/"; http_uri; depth:13; isdataat:!1,relative; content:"backyardmamma.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256267/; classtype:trojan-activity;sid:81119367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/whmcs/f134/"; http_uri; depth:12; isdataat:!1,relative; content:"demolms.netpooyesh.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256266/; classtype:trojan-activity;sid:81119366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/storage/app/todd.exe"; http_uri; depth:21; isdataat:!1,relative; content:"www.teorija.rs"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256265/; classtype:trojan-activity;sid:81119365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-hbf_my15ed0q9y0ybacfvgut1m5mmfu|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256264/; classtype:trojan-activity;sid:81119364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-koj9xh4zntoubrahs4jd85vw5wkzxji|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256263/; classtype:trojan-activity;sid:81119363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-u8luswtxjakcuqxiodc1hlwin3yjggj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256262/; classtype:trojan-activity;sid:81119362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-uaupz7cdfzky_cy1rivrawie7u5cjgx|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256261/; classtype:trojan-activity;sid:81119361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-v9cibxczcp8a4ckaidteebo5ugaxmir|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256260/; classtype:trojan-activity;sid:81119360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1023lngvfsxtxyvxhx-z13t-ba12efy2d|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256259/; classtype:trojan-activity;sid:81119359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=109xjcuy9klra0cyb4v-qmjlfsc5hrqsz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256258/; classtype:trojan-activity;sid:81119358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=10r3pmnclixwdt1xjyrxizd6yxgnypn9b|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256257/; classtype:trojan-activity;sid:81119357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=10epwlboi8zrapc2eknaccssncarlzifb|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256256/; classtype:trojan-activity;sid:81119356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=10z5wn074244vc_mdxybpygdwwuh8_ma5|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256255/; classtype:trojan-activity;sid:81119355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=11fxeu-sjjoa0x5mb5bhvcsc33sjkyxzz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256254/; classtype:trojan-activity;sid:81119354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=11vpo5noquaiam0qvy-qvvqdkfidrj0si|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256253/; classtype:trojan-activity;sid:81119353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=11zjaxppm1qlhfrgh7fjxt92d7gn2tn2a|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256252/; classtype:trojan-activity;sid:81119352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=11hn0fkcmq6kz9mph4f10ycba-vtxus5g|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256251/; classtype:trojan-activity;sid:81119351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=12iny-k4byvyorkk6ywmisqqbiim_fmms|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256250/; classtype:trojan-activity;sid:81119350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=12jueaxsco2ue-8omzwolphx1twqnxrgy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256249/; classtype:trojan-activity;sid:81119349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=12fdl-u0njkowtvlsih2ibpa0oxjkqigz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256248/; classtype:trojan-activity;sid:81119348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=12tmuw7va-0scnjsi8uxatimrtt3byat1|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256247/; classtype:trojan-activity;sid:81119347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=133ucg5wh75xc5qdjwtkuw1haabzmrjjl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256246/; classtype:trojan-activity;sid:81119346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=13a-oar0i8yyraegyt-7b0dbg4lnubttk|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256245/; classtype:trojan-activity;sid:81119345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=13vddyr8nuclnzpyf-vsy1czkudtkbnlc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256244/; classtype:trojan-activity;sid:81119344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14dn007evkn0eenqgrykmdcqhjf_u2c-b|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256243/; classtype:trojan-activity;sid:81119343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14fdj0qk4vetrerphfd0oydidzikixgzz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256242/; classtype:trojan-activity;sid:81119342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14kdukdrkbhdaztjgd9gbxwy5wa4ivcbf|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256241/; classtype:trojan-activity;sid:81119341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14tuxbeveowhbkmcmo9n_h_qqkxee45pm|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256240/; classtype:trojan-activity;sid:81119340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14y_rvqxb4csjavuo1oewmchcfeclivfv|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256239/; classtype:trojan-activity;sid:81119339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14ddhyqbz9mtw8gja9bsvpmufmicvqszs|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256238/; classtype:trojan-activity;sid:81119338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14kvhntwb9m_genawf6bqhgtbviq9x2wh|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256237/; classtype:trojan-activity;sid:81119337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=15vfaq6grsuujxwu5gsdbir2iy-u49e9b|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256236/; classtype:trojan-activity;sid:81119336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=15zkff3g3myjpjc3fby2lnkswb1tnerqp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256235/; classtype:trojan-activity;sid:81119335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=16ghnr1dr0ysahmapbx6dz_dccerbmkfk|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256234/; classtype:trojan-activity;sid:81119334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=16n7f_xcn5mad52okojmsrusshox0xvvq|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256233/; classtype:trojan-activity;sid:81119333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=172llron6icpprmpqxf2ihg58mung8afd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256232/; classtype:trojan-activity;sid:81119332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=17ae2t-l2ra2sp_3lrku1gztn74fcoman|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256231/; classtype:trojan-activity;sid:81119331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=17oebak4fvc76529k2x3mnzucwryf3hpr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256230/; classtype:trojan-activity;sid:81119330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=17yokqh5rx9v4iyng5ox8x9vagis4ujay|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256229/; classtype:trojan-activity;sid:81119329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=17fsy4-y-nfg39dtqnxwaau75na8qt0xk|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256228/; classtype:trojan-activity;sid:81119328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=182izeczi_ejftgirs1cboziz1syoxors|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256227/; classtype:trojan-activity;sid:81119327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=186qamekz6t8h04w8ut-lngsdc5mnuxng|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256226/; classtype:trojan-activity;sid:81119326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=18eeo4qxhj8kmbeopftgdcbq3iuw26t92|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256225/; classtype:trojan-activity;sid:81119325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=19bed9n8qp_fajtualpfa_s4tp-fl3dp8|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256224/; classtype:trojan-activity;sid:81119324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=19id3czjy8qtojtzagdzpkd0wi4nozi_a|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256223/; classtype:trojan-activity;sid:81119323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=19rmhumvyptc1z7ggsrnzdh8_kqsidth7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256222/; classtype:trojan-activity;sid:81119322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1a7z1ztoynykofijq-ggo0asnjyahqag1|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256221/; classtype:trojan-activity;sid:81119321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ackdfzgsbhdspj_bgqwkklyu8zgh347c|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256220/; classtype:trojan-activity;sid:81119320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ahysj-6jv48o5i3ole7bejmjcwbafzxp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256219/; classtype:trojan-activity;sid:81119319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1anwfhhm9qtzgxvd8rpb2zwqt64vxqzwo|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256218/; classtype:trojan-activity;sid:81119318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1aswfrju6d8wuaousyze9ajz73uvxqlgl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256217/; classtype:trojan-activity;sid:81119317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ajqsfuhulpxh_paxyvkijmxj7yskeqsp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256216/; classtype:trojan-activity;sid:81119316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bq-v6xu81oiymmtxhsdo5-5oxcz44ixk|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256215/; classtype:trojan-activity;sid:81119315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bfjelw-nl65bsk4wohgzvpllga3ydd9j|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256214/; classtype:trojan-activity;sid:81119314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1br06yxcagrjv_v4lfi7yh6qb5-_amw5u|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256213/; classtype:trojan-activity;sid:81119313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1c21il1adbkksu2gqpdamtrgfstvr2xrs|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256212/; classtype:trojan-activity;sid:81119312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1cfyoizorrt2fwtwtp--npfs_q8fiblxl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256211/; classtype:trojan-activity;sid:81119311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1c_x5b7zh7qcvgsbr5zxlwm3urvmqc9mu|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256210/; classtype:trojan-activity;sid:81119310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1cox9ngrhy5uejzpxvbhoeqxfh5tbtstj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256209/; classtype:trojan-activity;sid:81119309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1cpfiacnmc96hhctz6wdcxj3oswc8lxo2|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256208/; classtype:trojan-activity;sid:81119308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1d7x0fpjbyrp1ncgiyurimozw6-onhh-e|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256207/; classtype:trojan-activity;sid:81119307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dhetecoa4bwhkk-bwk25gmtmztix94tc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256206/; classtype:trojan-activity;sid:81119306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dc-qmgujfnwjx5mkdlwa9mzshrvy4dab|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256205/; classtype:trojan-activity;sid:81119305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dijkist9ivzrvzdysu8pwtmtmi3fzbz6|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256204/; classtype:trojan-activity;sid:81119304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1e0ydizazccyz6kmzstflmkh1c2urz9yl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256203/; classtype:trojan-activity;sid:81119303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1epxvei-mif-ujzwws2msvwjzwtcjrchu|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256202/; classtype:trojan-activity;sid:81119302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1edzsaxev7u9nr_ityt4g7gws35scmrpd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256201/; classtype:trojan-activity;sid:81119301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1emj7ys_nsmbycev9lumhvj56dqmeay4x|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256200/; classtype:trojan-activity;sid:81119300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ernnf-kj-q0w-jzvlx168gvi1phv7tky|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256199/; classtype:trojan-activity;sid:81119299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1f2aznhaageetq7tljqph3xxyh8k7cynl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256198/; classtype:trojan-activity;sid:81119298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1f2hxewlacwhi7fftldr0c7bp3aaq-l3u|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256197/; classtype:trojan-activity;sid:81119297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1flsc9zid6vp-03dwgfrcockw-75rlwfg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256196/; classtype:trojan-activity;sid:81119296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1fttbisi_ger6gb0of1a6lqhshiqcqtjr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256195/; classtype:trojan-activity;sid:81119295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1g3sgj42p_cok3hcwfkb_dbss0hzapgdl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256194/; classtype:trojan-activity;sid:81119294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gokqjmpo5ule20satctykdejb12zbit7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256193/; classtype:trojan-activity;sid:81119293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1h28b65cgh8ormuojv6vqjjylmnyqvykj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256192/; classtype:trojan-activity;sid:81119292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1heselrffaizonzu7buzqam_bpjedajmd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256191/; classtype:trojan-activity;sid:81119291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hrihaetpxqkkcs-0y5xi3voa43s8zitm|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256190/; classtype:trojan-activity;sid:81119290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hzjru8gvlbjem530dppw8-6jbn3fddik|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256189/; classtype:trojan-activity;sid:81119289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ils6er_l_uxtq98muqycjcuqdsevk-cc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256188/; classtype:trojan-activity;sid:81119288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ingfbp1m8fjqtglbah10jknmtxcht-p_|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256187/; classtype:trojan-activity;sid:81119287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ijcfbwtiqt_ptdv_-rmu5p0zsoiav8-u|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256186/; classtype:trojan-activity;sid:81119286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1iybon-sols6cjqr8jziwjm4r6ajwieym|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256185/; classtype:trojan-activity;sid:81119285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1jofw9keqcs7e0o0iizzxt_e7wx6e94sx|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256184/; classtype:trojan-activity;sid:81119284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1k1prtuzzeiaszb32-wc1c4lzvzbdtwqn|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256183/; classtype:trojan-activity;sid:81119283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kntp7tb_vnnemnvynfwlzreokrhh5ow7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256182/; classtype:trojan-activity;sid:81119282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kofpk5j5677rolihfbbn1o0lmzmb91ts|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256181/; classtype:trojan-activity;sid:81119281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kbpezfhcq6hp0e1bmeyk8xmxa9pr2dk2|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256180/; classtype:trojan-activity;sid:81119280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kjrm17lopk8cudidd8acxmlyz2zn2qh3|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256179/; classtype:trojan-activity;sid:81119279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kuxpwxbhdtqmjhhuxjuqnqrl-usalch7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256178/; classtype:trojan-activity;sid:81119278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1l8l0tdtsnswpdj4-vjwrqqev9iookevz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256177/; classtype:trojan-activity;sid:81119277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1lkzwflcrqltbq0p_i7vert8okve8smyr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256176/; classtype:trojan-activity;sid:81119276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ly2xcairsud8mtb3gikx4i0e1mdeiz1r|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256175/; classtype:trojan-activity;sid:81119275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1lz_vcls8whssv9bgvxgovufvhwx0uivz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256174/; classtype:trojan-activity;sid:81119274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mjst5iada5wjqiefjk29zif3acdgy8bg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256173/; classtype:trojan-activity;sid:81119273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1n6hkgackboncdmzrjg0i5ugrolcznkn-|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256172/; classtype:trojan-activity;sid:81119272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1n7lsnlubedzzyr0iiyocgzhcmjcgymrd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256171/; classtype:trojan-activity;sid:81119271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1n8_b4hy1awaikcy1cbjek1s0x8sgbovw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256170/; classtype:trojan-activity;sid:81119270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1nkv6uraglixnxmrxzbgd5ru1ojz_i53-|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256169/; classtype:trojan-activity;sid:81119269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1nod8psxqhaknb7nk7cdqwgibzh84v2ko|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256168/; classtype:trojan-activity;sid:81119268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1o8xf1-evq_sspefldgxeuw79fb4u57tp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256167/; classtype:trojan-activity;sid:81119267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1oqhoj1fhem-2vtr9o1nbai3bwkwumawj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256166/; classtype:trojan-activity;sid:81119266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1oxkvvppow8iext47yxar1zvr0u5rdyaw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256165/; classtype:trojan-activity;sid:81119265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1oz_3hqvx6-360obcrhlrx2rd-lvrjoh7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256164/; classtype:trojan-activity;sid:81119264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1slbwtlncwpuwkipz_rlbp6cllk2zq8sj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256163/; classtype:trojan-activity;sid:81119263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1sghjc-6aopip1dbgeyhbadfumm6pvltd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256162/; classtype:trojan-activity;sid:81119262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1t1xye7thiultr--vuxx1dnadklvzlq8a|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256161/; classtype:trojan-activity;sid:81119261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1t4hsjesgeubnembgusy_wvk2yqpb73xk|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256160/; classtype:trojan-activity;sid:81119260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1p0g_0ot6leud6od2focbvetntpcnx7bm|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256159/; classtype:trojan-activity;sid:81119259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1qbc9x2tnilqefyuyvskywagtlcrlkne-|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256158/; classtype:trojan-activity;sid:81119258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1qcoutrjbijngijp9gloxtdg7h_zx0_cu|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256157/; classtype:trojan-activity;sid:81119257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rdboywoyistmcqpti9i7slbizczh7ayb|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256156/; classtype:trojan-activity;sid:81119256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rwfxluge5prtpc5xrlhlernbkcd_a55z|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256155/; classtype:trojan-activity;sid:81119255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1seexbn6cmhhyny4zgrebzsoytunvxh7v|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256154/; classtype:trojan-activity;sid:81119254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1tatyq5pjxnceu6tnc6rjn4djcujnsqzj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256153/; classtype:trojan-activity;sid:81119253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1tfy2gdk6jge0yetl1hsms_2-u7vedged|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256152/; classtype:trojan-activity;sid:81119252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1thhpn632cv1sgrcgh7m6ung-q0sdwirn|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256151/; classtype:trojan-activity;sid:81119251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1uigz2ktntav1qd-onkosmuy7izuklowt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256150/; classtype:trojan-activity;sid:81119250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1uioxrcohr7lawx8tv1gy4qw3tzkyddl4|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256149/; classtype:trojan-activity;sid:81119249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vlhrv8kcuqzqdh-vea_ugwx1-8baphql|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256148/; classtype:trojan-activity;sid:81119248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vjmfj8lbisfecfss2ap_6ilf6qnl4wqo|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256147/; classtype:trojan-activity;sid:81119247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1w3aqimbe67n_ptwz3iniwqvgup-8dr1d|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256146/; classtype:trojan-activity;sid:81119246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1w4ahnc2wyghcqpguoqxptnkbdqaz3rd6|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256145/; classtype:trojan-activity;sid:81119245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wj_jjeji8glaxr6tt6kgxguyit9yz4lz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256144/; classtype:trojan-activity;sid:81119244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wn7xthlfhebawobnah-j-iqy9h9l0bbj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256143/; classtype:trojan-activity;sid:81119243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wodmbqpbpmxvdssozy8vabhei7iwwsqp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256142/; classtype:trojan-activity;sid:81119242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1whb68eh2056bgmhao_e_pcbyymqqglyl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256141/; classtype:trojan-activity;sid:81119241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wyd7epnq9hgzawkuv-fvj3j0ifkxv2ss|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256140/; classtype:trojan-activity;sid:81119240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xvnymg8j1bmbqdcv3mlywrnao4nwik2g|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256139/; classtype:trojan-activity;sid:81119239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xz_gr4ciksq4mwob2trwejnix05dpbqs|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256138/; classtype:trojan-activity;sid:81119238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1y79hgjcc9leyemilrfpqc3ad_mni_ro7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256137/; classtype:trojan-activity;sid:81119237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1yq8wzwgkwyzsbzra9nnqnm9xy-gogbt1|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256136/; classtype:trojan-activity;sid:81119236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1yyodoqsnuhouhps7uie9tzb67d9wvxsx|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256135/; classtype:trojan-activity;sid:81119235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1yzpdulchy4qwyggazeeyvkaq4yalu-78|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256134/; classtype:trojan-activity;sid:81119234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1z9sao8dbruezhduysj2mugipx3f62ppm|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256133/; classtype:trojan-activity;sid:81119233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1zjx_evp8nz1m8l6j4xseppmqwjphnter|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256132/; classtype:trojan-activity;sid:81119232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1zmje5dommpthvmzn0bcgfghczqacp5l5|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256131/; classtype:trojan-activity;sid:81119231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1_fopw9vc4lcvvquerrjqxamxfcgxifbv|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256130/; classtype:trojan-activity;sid:81119230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1_rucdmzlweuau_xqz4wzsugwgqva3rg0|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256129/; classtype:trojan-activity;sid:81119229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1_zl2raw-xwjfv3mfrjxeggunyj_ujzah|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256128/; classtype:trojan-activity;sid:81119228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1a1ljw469eeg8ub1sudjkgaww-pmwnl5e|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256127/; classtype:trojan-activity;sid:81119227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1a6zj5ykaeg5dt6v4pajr9qcr1n8rqtmy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256126/; classtype:trojan-activity;sid:81119226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ab1rx-n3dckkvom-vy-3-7p8ji656knx|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256125/; classtype:trojan-activity;sid:81119225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1adpd42qv2oddnylgesfh39oradfs0woa|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256124/; classtype:trojan-activity;sid:81119224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ahqt8gszmldyzjqrmbqfduovcswyfvuf|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256123/; classtype:trojan-activity;sid:81119223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1azwe1gflwo4tsojwsmbuq2z8e5gmh39y|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256122/; classtype:trojan-activity;sid:81119222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bcw43ywkyjrd7zihqh0ealx0vmrwcp8d|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256121/; classtype:trojan-activity;sid:81119221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bgvu1bph_ry3xeakxuphdizn5-fmg-nn|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256120/; classtype:trojan-activity;sid:81119220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bgwqqrye7i2j34-8_hseni4d87-48xl2|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256119/; classtype:trojan-activity;sid:81119219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bmcebskgmu0mjjrux9rtv0b6kczuon6i|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256118/; classtype:trojan-activity;sid:81119218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bnmk_jvedgwceiaoyzfulboplr2km8z-|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256117/; classtype:trojan-activity;sid:81119217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bre1zfzoymenhtzplzjssavcrsn-zqej|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256116/; classtype:trojan-activity;sid:81119216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1byu9odqk6jzyjhwqliisfv8hhobab7zs|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256115/; classtype:trojan-activity;sid:81119215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1byvxkgdplwmi_hxq8pcanfvwpm_w-gkm|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256114/; classtype:trojan-activity;sid:81119214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bnvxtnyfys6hav1gvrkh23f9spcoyora|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256113/; classtype:trojan-activity;sid:81119213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bxwjlozvwbmv2whyx8dhtxrtna3bkpfq|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256112/; classtype:trojan-activity;sid:81119212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1c-4cbewjx5mrvv-_qcs35jp6u-xtuggy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256111/; classtype:trojan-activity;sid:81119211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1c6gea6_oi0sm-7n8mqp7fjb_32aphh-b|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256110/; classtype:trojan-activity;sid:81119210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ca8kc5riemngkw5pusqdn5lws4djjzgd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256109/; classtype:trojan-activity;sid:81119209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1cofi_l31y3hxaer7ks7hll1wblosiekm|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256108/; classtype:trojan-activity;sid:81119208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1cygt9bcvhjutlu75nar2uydlg92x9r8u|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256107/; classtype:trojan-activity;sid:81119207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dl6n4wj7zcvbf071u4hdfker58hjpnnk|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256106/; classtype:trojan-activity;sid:81119206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dmeas4wlsvikzicdgtb0hcsel13tqr6q|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256105/; classtype:trojan-activity;sid:81119205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dv2oizburkcykjzpv0n-3sroptryhaba|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256104/; classtype:trojan-activity;sid:81119204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dopxg1y5kgfxjehdxd-ckzzve8c6jryh|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256103/; classtype:trojan-activity;sid:81119203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dpje95wkg0yxxzvt-sv8ypcgnwc20qe_|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256102/; classtype:trojan-activity;sid:81119202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1fv8_ulfjdvp72tzyj5fawncmlajxc8pj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256101/; classtype:trojan-activity;sid:81119201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gh59e3huaga7ozagqomxijku-ao3t-w2|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256100/; classtype:trojan-activity;sid:81119200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gofa9euwuez6yc8mjdzucxkhjn3vvkei|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256099/; classtype:trojan-activity;sid:81119199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gohawwrmdfbmsogfas9zv_zcjldnfvzg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256098/; classtype:trojan-activity;sid:81119198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ggyonh7zndbgzuhnll9lvt2vvrbs_htm|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256097/; classtype:trojan-activity;sid:81119197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1h8i1k5ykpa6ssfemn2dvcawxjtw0u1kx|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256096/; classtype:trojan-activity;sid:81119196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hc1u30nf-ysfphmi7wrg-siaeeognhyl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256095/; classtype:trojan-activity;sid:81119195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hzoltqaw1xiblzy4mq28qk3tfgjlwx3y|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256094/; classtype:trojan-activity;sid:81119194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hl7cwwiutewkbqizobf_7zbsui9qfj2f|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256093/; classtype:trojan-activity;sid:81119193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hyswtfstvznww-i5b_joqxk_xzetcwtf|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256092/; classtype:trojan-activity;sid:81119192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1i0ocle7ougm3-3nf8sqhn604vrl7xfzf|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256091/; classtype:trojan-activity;sid:81119191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1i_czuovnmvxpfxqapnvxfrr0bautwx9d|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256090/; classtype:trojan-activity;sid:81119190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ipslidamftmotoqpumehjadnwhgcqcwz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256089/; classtype:trojan-activity;sid:81119189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1j36skmqxovg4urxplmryq66ed3at4rzf|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256088/; classtype:trojan-activity;sid:81119188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1jhekpoqytyd7nypbub4xmsbzpohtxmoo|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256087/; classtype:trojan-activity;sid:81119187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ji42kwfesgcnjvnpvuqvowmdkx7qyltz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256086/; classtype:trojan-activity;sid:81119186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1jqp3ntd56vgdsj0-d0wdmtofi8prwbb_|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256085/; classtype:trojan-activity;sid:81119185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1k2s5e3byi6lpmggj0rya5mvp2sds2toh|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256084/; classtype:trojan-activity;sid:81119184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kfypxrz0w6n5kuhn0am-sxkskis7yo5p|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256083/; classtype:trojan-activity;sid:81119183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kj27vq8cldou0mheewshzboa3dahcdza|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256082/; classtype:trojan-activity;sid:81119182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ko2vg_kip-1q-_habpule-zeboxkmqmg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256081/; classtype:trojan-activity;sid:81119181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kpr8zwujcgznrmqt-wba7z0s8dlrlbuy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256080/; classtype:trojan-activity;sid:81119180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1lci0hab7yodwdypktzbcmvojbk7r_qnh|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256079/; classtype:trojan-activity;sid:81119179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1m7gzkpce0itu2k_y_ihn5lpmtqcxeon0|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256078/; classtype:trojan-activity;sid:81119178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mxhexhvedzi3ez4dukgupn-igmazwguj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256077/; classtype:trojan-activity;sid:81119177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mbpze_gilijwha3oglklhfosiigqveoo|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256076/; classtype:trojan-activity;sid:81119176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mi8q2dfvmuwpls7lpszkuayw4tzk60yi|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256075/; classtype:trojan-activity;sid:81119175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mthxgw4csppuhipl4zn35c_dg0ihigya|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256074/; classtype:trojan-activity;sid:81119174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mw8xfitcicmapx6-uasn_dpj47tv1aha|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256073/; classtype:trojan-activity;sid:81119173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mw_umrdkmy8dfodijemjvv_tr1_8_zvo|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256072/; classtype:trojan-activity;sid:81119172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1myogvefoxqszgurp-nro-lttcm_uwqhe|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256071/; classtype:trojan-activity;sid:81119171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1n02nswoclyxb42v1vqvxdyzujuqx9tyy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256070/; classtype:trojan-activity;sid:81119170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1o82xtvu2chnjwx0f-zpthkinthkbu7wy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256069/; classtype:trojan-activity;sid:81119169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1o8jtjotmgr9g9osumhjougpyiyo6hmbg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256068/; classtype:trojan-activity;sid:81119168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1othd3skunlhugju3qjdlgz__mxl_ahid|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256067/; classtype:trojan-activity;sid:81119167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1oao3codm8qxmou7z0guaeu8tn_upswtc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256066/; classtype:trojan-activity;sid:81119166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1p37dfgyrtvfp_jiubvy5jjqv-t_i6o4l|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256065/; classtype:trojan-activity;sid:81119165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1p5rqmubmlnt4g-hcnns9litbmmced8p5|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256064/; classtype:trojan-activity;sid:81119164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1pf3xekkssaopolmqrkvicpa-gnlgot3c|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256063/; classtype:trojan-activity;sid:81119163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1phsyvwnq5b8cmkadlwi7sveeqslnffdt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256062/; classtype:trojan-activity;sid:81119162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ppnyhbg41hrobklejrormhyfkeniuupc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256061/; classtype:trojan-activity;sid:81119161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1qqehulcbknru9aqyfwwn98aplv_3pwl7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256060/; classtype:trojan-activity;sid:81119160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1r35iq3bwtl6byujpxloig4dkqfy6dkab|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256059/; classtype:trojan-activity;sid:81119159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1r5qoriprv4sgxzj_cm1zp6-urou19v1n|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256058/; classtype:trojan-activity;sid:81119158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rdz1rgl8s6x2j8xli59ppc4e7aphzxlz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256057/; classtype:trojan-activity;sid:81119157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rszcfipiztk12dpcjbfeco6jxrrfqryg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256056/; classtype:trojan-activity;sid:81119156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rme5hpaazkn1gyjnyreehainbxdfzbbv|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256055/; classtype:trojan-activity;sid:81119155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1smsre66blouo0mu9zqli9-shn3spd5z4|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256054/; classtype:trojan-activity;sid:81119154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1swnjwrfyoukrpvtrn0h9ulciae09okfg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256053/; classtype:trojan-activity;sid:81119153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1sjxpff3gek6ed2npy7lglhiida5clgjt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256052/; classtype:trojan-activity;sid:81119152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1t65fb6fixprviqpa1mqycge1qv5_jder|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256051/; classtype:trojan-activity;sid:81119151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1tqskeyp-j1od38fiiucdtynxghrgozg-|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256050/; classtype:trojan-activity;sid:81119150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1th2-btfkhbbj9xos8n_asd0rnbj46uvh|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256049/; classtype:trojan-activity;sid:81119149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1tpu9dcw3kjtww9p-zwbdldd5jsybsr5v|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256048/; classtype:trojan-activity;sid:81119148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1tx6flwpqzddti8eok97qob51eatuch6w|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256047/; classtype:trojan-activity;sid:81119147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1u2xqtuh9qpcv97rvrbfbyktvjse7kb4f|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256046/; classtype:trojan-activity;sid:81119146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1u3_tzbfihzuxrh0drwbv-epizxd1q8ss|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256045/; classtype:trojan-activity;sid:81119145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ufkg-vt7s61gdi28nesr6nmjclk1mcti|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256044/; classtype:trojan-activity;sid:81119144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1unhhyjsdpzyt40o_eu7rpjp8x4wmluev|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256043/; classtype:trojan-activity;sid:81119143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1v3dwtymyuok_76b3hncyx8mkqizcgifv|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256042/; classtype:trojan-activity;sid:81119142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1v5vulck7al6wb0b5wtj1zqai9ucmmvt-|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256041/; classtype:trojan-activity;sid:81119141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vdthezyhp1ls6_4--6uunqytpzvwpmi1|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256040/; classtype:trojan-activity;sid:81119140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vk5goyfegwqyclqpv5mhdkum5epq1r2u|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256039/; classtype:trojan-activity;sid:81119139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vxycuav1saoicvkw-74ckkzo4wqy7bd2|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256038/; classtype:trojan-activity;sid:81119138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vt5c7kp3cmfjml_ui_vyrpm4m6ilgvkg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256037/; classtype:trojan-activity;sid:81119137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wdp4vn0ivnym5ap4wlwoa-filq9vza-l|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256036/; classtype:trojan-activity;sid:81119136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wwfgtbeguzc-eqi5_29pnfmk2ohyrbi1|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256035/; classtype:trojan-activity;sid:81119135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wc3xhmq3ujqs8lkejtlzftdbf2bctk1q|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256034/; classtype:trojan-activity;sid:81119134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wlgsd9svrahov_exxlb4vvpcz-kmsae8|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256033/; classtype:trojan-activity;sid:81119133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wqvfmqgylrfptw-fwsqsh6s-0bkgr0zr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256032/; classtype:trojan-activity;sid:81119132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wuo3hjqezetbh_vgdkxkfolx8a7mdmwd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256031/; classtype:trojan-activity;sid:81119131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xhqntyiyf390ajvriu8lmgqc44bgdvez|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256030/; classtype:trojan-activity;sid:81119130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xkystcn5jriiblkhwkftpr3ukxqi7yz4|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256029/; classtype:trojan-activity;sid:81119129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xifx7mermwobf61g-66_s8oqmg8_ebyk|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256028/; classtype:trojan-activity;sid:81119128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xyi0xahbwxmitqad0r8g-kvamlssdwtl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256027/; classtype:trojan-activity;sid:81119127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1y95u_s-48tiwewnhvx37a22he_oy2gyr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256026/; classtype:trojan-activity;sid:81119126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1yn733nbbm-nbon-ao75hh0xwymduhh0o|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256025/; classtype:trojan-activity;sid:81119125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1yhp-vk75nqm_sblzukfmf2qilorielqy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256024/; classtype:trojan-activity;sid:81119124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1yjjvabuzsrlx2eocvj4cguoccuqtnu-q|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256023/; classtype:trojan-activity;sid:81119123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ytwx7n9npttvjaztvlu4vkycxq684sl4|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256022/; classtype:trojan-activity;sid:81119122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1zi8k7gheyexanz80sq_2nm3sijaqo-th|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256021/; classtype:trojan-activity;sid:81119121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1zo79gwv3925hgqefqphaauq8gmfhggz9|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256020/; classtype:trojan-activity;sid:81119120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1zzm8q5q6xuubpol0fdac7qrbtyii9a4l|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256019/; classtype:trojan-activity;sid:81119119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/archivosadultos/wacatac_2019-11-20_00-10.exe"; http_uri; depth:45; isdataat:!1,relative; content:"webparroquia.es"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256018/; classtype:trojan-activity;sid:81119118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/web/tzqjmatove8zlr3.exe"; http_uri; depth:24; isdataat:!1,relative; content:"flood-protection.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256016/; classtype:trojan-activity;sid:81119116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/storage/app/fr.exe"; http_uri; depth:19; isdataat:!1,relative; content:"www.teorija.rs"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256015/; classtype:trojan-activity;sid:81119115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.sparc"; http_uri; depth:12; isdataat:!1,relative; content:"178.33.181.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256013/; classtype:trojan-activity;sid:81119113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.mips"; http_uri; depth:11; isdataat:!1,relative; content:"178.33.181.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256012/; classtype:trojan-activity;sid:81119112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.mpsl"; http_uri; depth:11; isdataat:!1,relative; content:"178.33.181.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256011/; classtype:trojan-activity;sid:81119111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.arm4"; http_uri; depth:11; isdataat:!1,relative; content:"178.33.181.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256010/; classtype:trojan-activity;sid:81119110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.x86"; http_uri; depth:10; isdataat:!1,relative; content:"178.33.181.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256009/; classtype:trojan-activity;sid:81119109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.arm6"; http_uri; depth:11; isdataat:!1,relative; content:"178.33.181.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256008/; classtype:trojan-activity;sid:81119108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"47.187.120.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256007/; classtype:trojan-activity;sid:81119107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"178.33.181.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256006/; classtype:trojan-activity;sid:81119106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"178.33.181.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256005/; classtype:trojan-activity;sid:81119105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/seite_3/p3jk6ul0y-aad1w-57768077/"; http_uri; depth:34; isdataat:!1,relative; content:"idealnewhomes.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256004/; classtype:trojan-activity;sid:81119104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/g733qbfiqa-hkd835zy-1199/"; http_uri; depth:35; isdataat:!1,relative; content:"racingturtlesg07.000webhostapp.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256003/; classtype:trojan-activity;sid:81119103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/rfhltof/"; http_uri; depth:20; isdataat:!1,relative; content:"zylokk.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256002/; classtype:trojan-activity;sid:81119102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/b77caw60-khn-7988584/"; http_uri; depth:31; isdataat:!1,relative; content:"awal122182.000webhostapp.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256001/; classtype:trojan-activity;sid:81119101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/idc8idw-a4z8au-676358/"; http_uri; depth:32; isdataat:!1,relative; content:"all.ugmuzik.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/256000/; classtype:trojan-activity;sid:81119100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/4ah0ndbi/"; http_uri; depth:21; isdataat:!1,relative; content:"sarl-diouane.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255999/; classtype:trojan-activity;sid:81119099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/utpz03md/"; http_uri; depth:22; isdataat:!1,relative; content:"remax.talkdrawer.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255998/; classtype:trojan-activity;sid:81119098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/parseopmlo/kc7nl8/"; http_uri; depth:19; isdataat:!1,relative; content:"www.reneesresales.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255997/; classtype:trojan-activity;sid:81119097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sl1eoj4/pcp/"; http_uri; depth:13; isdataat:!1,relative; content:"fulltruyen.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255996/; classtype:trojan-activity;sid:81119096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/web_map/jexewtvyq/"; http_uri; depth:19; isdataat:!1,relative; content:"arcid.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255995/; classtype:trojan-activity;sid:81119095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"138.68.18.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255994/; classtype:trojan-activity;sid:81119094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"138.68.18.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255993/; classtype:trojan-activity;sid:81119093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"138.68.18.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255992/; classtype:trojan-activity;sid:81119092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"138.68.18.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255991/; classtype:trojan-activity;sid:81119091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"138.68.18.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255990/; classtype:trojan-activity;sid:81119090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"138.68.18.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255989/; classtype:trojan-activity;sid:81119089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"138.68.18.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255988/; classtype:trojan-activity;sid:81119088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"138.68.18.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255987/; classtype:trojan-activity;sid:81119087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"138.68.18.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255986/; classtype:trojan-activity;sid:81119086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"138.68.18.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255985/; classtype:trojan-activity;sid:81119085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/hx86"; http_uri; depth:15; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255984/; classtype:trojan-activity;sid:81119084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/hspc"; http_uri; depth:15; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255983/; classtype:trojan-activity;sid:81119083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/hmpsl"; http_uri; depth:16; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255982/; classtype:trojan-activity;sid:81119082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/hmips"; http_uri; depth:16; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255981/; classtype:trojan-activity;sid:81119081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/hm68k"; http_uri; depth:16; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255980/; classtype:trojan-activity;sid:81119080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/harm7"; http_uri; depth:16; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255979/; classtype:trojan-activity;sid:81119079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/harm6"; http_uri; depth:16; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255978/; classtype:trojan-activity;sid:81119078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/harm5"; http_uri; depth:16; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255977/; classtype:trojan-activity;sid:81119077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/harm"; http_uri; depth:15; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255976/; classtype:trojan-activity;sid:81119076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/dark.spc"; http_uri; depth:19; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255975/; classtype:trojan-activity;sid:81119075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/dark.x86"; http_uri; depth:19; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255974/; classtype:trojan-activity;sid:81119074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/dark.sh4"; http_uri; depth:19; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255973/; classtype:trojan-activity;sid:81119073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/dark.mpsl"; http_uri; depth:20; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255972/; classtype:trojan-activity;sid:81119072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/dark.mips"; http_uri; depth:20; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255971/; classtype:trojan-activity;sid:81119071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/dark.m68k"; http_uri; depth:20; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255970/; classtype:trojan-activity;sid:81119070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/dark.arm7"; http_uri; depth:20; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255969/; classtype:trojan-activity;sid:81119069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/dark.arm6"; http_uri; depth:20; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255968/; classtype:trojan-activity;sid:81119068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/dark.arm5"; http_uri; depth:20; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255967/; classtype:trojan-activity;sid:81119067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dark_bins/dark.arm"; http_uri; depth:19; isdataat:!1,relative; content:"205.185.118.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255966/; classtype:trojan-activity;sid:81119066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/storage/app/el.exe"; http_uri; depth:19; isdataat:!1,relative; content:"www.teorija.rs"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255965/; classtype:trojan-activity;sid:81119065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/storage/app/fr.exe"; http_uri; depth:19; isdataat:!1,relative; content:"teorija.rs"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255964/; classtype:trojan-activity;sid:81119064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/flashplayer_4.54.43.exe"; http_uri; depth:24; isdataat:!1,relative; content:"avto-luxe.com.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255963/; classtype:trojan-activity;sid:81119063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; content:"138.68.18.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255961/; classtype:trojan-activity;sid:81119061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-content/plugins/ubh/benin/beninguyyyy.exe"; http_uri; depth:55; isdataat:!1,relative; content:"jobokutokel.jeparakab.go.id"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255960/; classtype:trojan-activity;sid:81119060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/storage/app/frr.exe"; http_uri; depth:20; isdataat:!1,relative; content:"www.teorija.rs"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255959/; classtype:trojan-activity;sid:81119059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/storage/app/todd.exe"; http_uri; depth:21; isdataat:!1,relative; content:"teorija.rs"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255958/; classtype:trojan-activity;sid:81119058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dos222.exe"; http_uri; depth:11; isdataat:!1,relative; content:"nadvexmail19mn.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255957/; classtype:trojan-activity;sid:81119057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/storage/app/frr.exe"; http_uri; depth:20; isdataat:!1,relative; content:"teorija.rs"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255955/; classtype:trojan-activity;sid:81119055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/storage/app/pov.exe"; http_uri; depth:20; isdataat:!1,relative; content:"teorija.rs"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255954/; classtype:trojan-activity;sid:81119054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/storage/app/el.exe"; http_uri; depth:19; isdataat:!1,relative; content:"teorija.rs"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255953/; classtype:trojan-activity;sid:81119053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nice/bbnn_protected.exe"; http_uri; depth:24; isdataat:!1,relative; content:"gray-yame-8073.holy.jp"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255952/; classtype:trojan-activity;sid:81119052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/browse.phpdl=1|26|file=sendung_n8747330_9598643_secured_wxecp.com"; http_uri; depth:66; isdataat:!1,relative; content:"box-cloud.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255951/; classtype:trojan-activity;sid:81119051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/az.exe"; http_uri; depth:15; isdataat:!1,relative; content:"landmarktreks.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255950/; classtype:trojan-activity;sid:81119050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/chrome.exe"; http_uri; depth:15; isdataat:!1,relative; content:"subparkissing.co.za"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255949/; classtype:trojan-activity;sid:81119049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/winsvc.exe"; http_uri; depth:19; isdataat:!1,relative; content:"landmarktreks.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255948/; classtype:trojan-activity;sid:81119048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/eu/1.exe"; http_uri; depth:14; isdataat:!1,relative; content:"snupdate4.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255947/; classtype:trojan-activity;sid:81119047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/abc/fire.exe"; http_uri; depth:13; isdataat:!1,relative; content:"erisomething.tk"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255946/; classtype:trojan-activity;sid:81119046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eupanda.exe"; http_uri; depth:12; isdataat:!1,relative; content:"snupdate3.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255945/; classtype:trojan-activity;sid:81119045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-content/plugins/ubh/fort/fortune.exe"; http_uri; depth:50; isdataat:!1,relative; content:"jobokutokel.jeparakab.go.id"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255943/; classtype:trojan-activity;sid:81119043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte1.cab"; http_uri; depth:31; isdataat:!1,relative; content:"nuremerivo.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255942/; classtype:trojan-activity;sid:81119042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte2.cab"; http_uri; depth:31; isdataat:!1,relative; content:"nuremerivo.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255941/; classtype:trojan-activity;sid:81119041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte3.cab"; http_uri; depth:31; isdataat:!1,relative; content:"nuremerivo.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255940/; classtype:trojan-activity;sid:81119040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte9.cab"; http_uri; depth:31; isdataat:!1,relative; content:"cylialarer.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255939/; classtype:trojan-activity;sid:81119039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte8.cab"; http_uri; depth:31; isdataat:!1,relative; content:"cylialarer.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255938/; classtype:trojan-activity;sid:81119038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte7.cab"; http_uri; depth:31; isdataat:!1,relative; content:"cylialarer.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255937/; classtype:trojan-activity;sid:81119037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte6.cab"; http_uri; depth:31; isdataat:!1,relative; content:"reprolucup.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255936/; classtype:trojan-activity;sid:81119036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte5.cab"; http_uri; depth:31; isdataat:!1,relative; content:"reprolucup.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255935/; classtype:trojan-activity;sid:81119035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte4.cab"; http_uri; depth:31; isdataat:!1,relative; content:"reprolucup.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255934/; classtype:trojan-activity;sid:81119034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bb48974/"; http_uri; depth:18; isdataat:!1,relative; content:"pronomina.store"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255933/; classtype:trojan-activity;sid:81119033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/1a72g8l129/"; http_uri; depth:23; isdataat:!1,relative; content:"floridapolyieee.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255932/; classtype:trojan-activity;sid:81119032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/3z35eb9629/"; http_uri; depth:21; isdataat:!1,relative; content:"sattamatka7.live"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255931/; classtype:trojan-activity;sid:81119031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/52st728/"; http_uri; depth:28; isdataat:!1,relative; content:"www.superhighroller.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255930/; classtype:trojan-activity;sid:81119030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/xi0l9567/"; http_uri; depth:21; isdataat:!1,relative; content:"solusimaster.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255929/; classtype:trojan-activity;sid:81119029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/css/f/"; http_uri; depth:16; isdataat:!1,relative; content:"eaglelogistics-hk.com.hk"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255928/; classtype:trojan-activity;sid:81119028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/lhhr1ycey/"; http_uri; depth:22; isdataat:!1,relative; content:"www.supadom.fr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255927/; classtype:trojan-activity;sid:81119027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zqwygen/ikt/"; http_uri; depth:13; isdataat:!1,relative; content:"propergrass.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255926/; classtype:trojan-activity;sid:81119026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/nppaj/"; http_uri; depth:16; isdataat:!1,relative; content:"www.luotc.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255925/; classtype:trojan-activity;sid:81119025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lkxmdat/"; http_uri; depth:21; isdataat:!1,relative; content:"onetours.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255924/; classtype:trojan-activity;sid:81119024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iyc3jpae.exe"; http_uri; depth:13; isdataat:!1,relative; content:"m.put.re"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255923/; classtype:trojan-activity;sid:81119023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte6.cab"; http_uri; depth:31; isdataat:!1,relative; content:"dooggeinet.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255922/; classtype:trojan-activity;sid:81119022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte5.cab"; http_uri; depth:31; isdataat:!1,relative; content:"dooggeinet.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255921/; classtype:trojan-activity;sid:81119021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte4.cab"; http_uri; depth:31; isdataat:!1,relative; content:"dooggeinet.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255920/; classtype:trojan-activity;sid:81119020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte3.cab"; http_uri; depth:31; isdataat:!1,relative; content:"scronarcom.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255919/; classtype:trojan-activity;sid:81119019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte2.cab"; http_uri; depth:31; isdataat:!1,relative; content:"scronarcom.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255918/; classtype:trojan-activity;sid:81119018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte7.cab"; http_uri; depth:31; isdataat:!1,relative; content:"focamearsy.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255917/; classtype:trojan-activity;sid:81119017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte1.cab"; http_uri; depth:31; isdataat:!1,relative; content:"scronarcom.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255916/; classtype:trojan-activity;sid:81119016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte9.cab"; http_uri; depth:31; isdataat:!1,relative; content:"focamearsy.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255915/; classtype:trojan-activity;sid:81119015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=colyte8.cab"; http_uri; depth:31; isdataat:!1,relative; content:"focamearsy.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255914/; classtype:trojan-activity;sid:81119014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/archivosadultos/wacatac_2019-11-20_04-06.exe"; http_uri; depth:45; isdataat:!1,relative; content:"webparroquia.es"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255913/; classtype:trojan-activity;sid:81119013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yeeto.spc"; http_uri; depth:10; isdataat:!1,relative; content:"185.212.47.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255912/; classtype:trojan-activity;sid:81119012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yeeto.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"185.212.47.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255911/; classtype:trojan-activity;sid:81119011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yeeto.mpsl"; http_uri; depth:11; isdataat:!1,relative; content:"185.212.47.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255910/; classtype:trojan-activity;sid:81119010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yeeto.arm6"; http_uri; depth:11; isdataat:!1,relative; content:"185.212.47.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255909/; classtype:trojan-activity;sid:81119009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yeeto.arm"; http_uri; depth:10; isdataat:!1,relative; content:"185.212.47.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255908/; classtype:trojan-activity;sid:81119008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yeeto.arm7"; http_uri; depth:11; isdataat:!1,relative; content:"185.212.47.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255907/; classtype:trojan-activity;sid:81119007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yeeto.x86"; http_uri; depth:10; isdataat:!1,relative; content:"185.212.47.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255906/; classtype:trojan-activity;sid:81119006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yeeto.sh4"; http_uri; depth:10; isdataat:!1,relative; content:"185.212.47.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255905/; classtype:trojan-activity;sid:81119005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yeeto.mips"; http_uri; depth:11; isdataat:!1,relative; content:"185.212.47.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255904/; classtype:trojan-activity;sid:81119004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yeeto.m68k"; http_uri; depth:11; isdataat:!1,relative; content:"185.212.47.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255903/; classtype:trojan-activity;sid:81119003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yeeto.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"185.212.47.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255902/; classtype:trojan-activity;sid:81119002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kiskis.exe"; http_uri; depth:11; isdataat:!1,relative; content:"gocleaner-bar.tech"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255901/; classtype:trojan-activity;sid:81119001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amix"; http_uri; depth:5; isdataat:!1,relative; content:"gocleaner-bar.tech"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255900/; classtype:trojan-activity;sid:81119000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-content/plugins/ubh/linksguy/linksguyyy.exe"; http_uri; depth:57; isdataat:!1,relative; content:"jobokutokel.jeparakab.go.id"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255899/; classtype:trojan-activity;sid:81118999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xmond/xop.exe"; http_uri; depth:14; isdataat:!1,relative; content:"jplymell.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255898/; classtype:trojan-activity;sid:81118998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/order-wrappers/oj90/"; http_uri; depth:21; isdataat:!1,relative; content:"youtubeismyartschool.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255897/; classtype:trojan-activity;sid:81118997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/1ozz1a5072/"; http_uri; depth:22; isdataat:!1,relative; content:"joufhs.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255896/; classtype:trojan-activity;sid:81118996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/lj54my449/"; http_uri; depth:19; isdataat:!1,relative; content:"mastermindescapetheroomgame.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255895/; classtype:trojan-activity;sid:81118995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9ar12/"; http_uri; depth:7; isdataat:!1,relative; content:"skilmu.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255894/; classtype:trojan-activity;sid:81118994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/im24279/"; http_uri; depth:20; isdataat:!1,relative; content:"astrametals.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255893/; classtype:trojan-activity;sid:81118993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/facebook/s0xza/"; http_uri; depth:16; isdataat:!1,relative; content:"www.mrsconnect.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255892/; classtype:trojan-activity;sid:81118992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cittb/bk1tf/"; http_uri; depth:13; isdataat:!1,relative; content:"www.sellusedgym.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255891/; classtype:trojan-activity;sid:81118991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/upload/5tkx/"; http_uri; depth:13; isdataat:!1,relative; content:"digitgenics.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255890/; classtype:trojan-activity;sid:81118990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/3vvp6i/"; http_uri; depth:16; isdataat:!1,relative; content:"www.sh-tradinggroup.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255889/; classtype:trojan-activity;sid:81118989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/yr4i53/"; http_uri; depth:19; isdataat:!1,relative; content:"www.resq-today.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255888/; classtype:trojan-activity;sid:81118988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/sketch/srr.exe"; http_uri; depth:33; isdataat:!1,relative; content:"www.portoghesefilippo.it"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255887/; classtype:trojan-activity;sid:81118987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/happy/greencrypt_crypt.exe"; http_uri; depth:27; isdataat:!1,relative; content:"happyguty.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255886/; classtype:trojan-activity;sid:81118986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/storage/app/whe.exe"; http_uri; depth:20; isdataat:!1,relative; content:"www.teorija.rs"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255885/; classtype:trojan-activity;sid:81118985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/shipping.exe"; http_uri; depth:17; isdataat:!1,relative; content:"flood-protection.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255884/; classtype:trojan-activity;sid:81118984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y91/x86"; http_uri; depth:8; isdataat:!1,relative; content:"185.112.250.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255883/; classtype:trojan-activity;sid:81118983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/panel/bin.exe"; http_uri; depth:14; isdataat:!1,relative; content:"51.77.225.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255882/; classtype:trojan-activity;sid:81118982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/com.php"; http_uri; depth:8; isdataat:!1,relative; content:"porangna.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255881/; classtype:trojan-activity;sid:81118981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/t9lf771/"; http_uri; depth:18; isdataat:!1,relative; content:"www.doibietchangconchi8899.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255879/; classtype:trojan-activity;sid:81118979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/t7y01qm6153/"; http_uri; depth:22; isdataat:!1,relative; content:"iimtgroupeducation.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255878/; classtype:trojan-activity;sid:81118978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/profilel/w8623/"; http_uri; depth:16; isdataat:!1,relative; content:"luminoushomeinspection.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255877/; classtype:trojan-activity;sid:81118977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/1m833/"; http_uri; depth:18; isdataat:!1,relative; content:"hangduc24h.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255876/; classtype:trojan-activity;sid:81118976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bl0pzru564/"; http_uri; depth:21; isdataat:!1,relative; content:"www.pcginsure.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255875/; classtype:trojan-activity;sid:81118975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/fagri/oknuyqlfr/"; http_uri; depth:35; isdataat:!1,relative; content:"wodfitapparel.fr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255874/; classtype:trojan-activity;sid:81118974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/km/wp-content/plugins/no-comments-on-pages/5su-khkh2m-84/"; http_uri; depth:58; isdataat:!1,relative; content:"math.pollub.pl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255873/; classtype:trojan-activity;sid:81118973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/gzgommkn/"; http_uri; depth:21; isdataat:!1,relative; content:"chasem2020.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255872/; classtype:trojan-activity;sid:81118972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/customize/q4z-y23-6153/"; http_uri; depth:36; isdataat:!1,relative; content:"karanrajesh.london"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255871/; classtype:trojan-activity;sid:81118971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ckplayer/vidcddme/"; http_uri; depth:19; isdataat:!1,relative; content:"www.xxoo.tm"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255870/; classtype:trojan-activity;sid:81118970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/646464906396434445/646465074508070932/po187144_urgent_request_quote_best_price.gz"; http_uri; depth:94; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255869/; classtype:trojan-activity;sid:81118969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/588286158258307072/610861960275427372/server.jpg.exe"; http_uri; depth:65; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255868/; classtype:trojan-activity;sid:81118968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/w584mlzt"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255867/; classtype:trojan-activity;sid:81118967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qndvdcqj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255866/; classtype:trojan-activity;sid:81118966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/646150655886491651/646169619106758656/dhl_awb_no_5011043111pdf.lzh"; http_uri; depth:79; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255865/; classtype:trojan-activity;sid:81118965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/642298409394634775/646273266041880596/quotation_pl-109-2019.tar.gz"; http_uri; depth:79; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255864/; classtype:trojan-activity;sid:81118964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/v6tyzga4"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255863/; classtype:trojan-activity;sid:81118963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/645260599810588700/646369720366268426/video_2019-11-05_17-23-18.mp4.scr"; http_uri; depth:84; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255862/; classtype:trojan-activity;sid:81118962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dospizdos.tmp"; http_uri; depth:14; isdataat:!1,relative; content:"104.168.201.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255861/; classtype:trojan-activity;sid:81118961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/570649031038992414/606840890593509386/va.exe"; http_uri; depth:57; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255860/; classtype:trojan-activity;sid:81118960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/zb4jo/"; http_uri; depth:15; isdataat:!1,relative; content:"dev.wellcorp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255859/; classtype:trojan-activity;sid:81118959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/quwetb9m/dauyge/"; http_uri; depth:17; isdataat:!1,relative; content:"makeupartisthub.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255858/; classtype:trojan-activity;sid:81118958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/siapechile.cl/frx5cm/"; http_uri; depth:22; isdataat:!1,relative; content:"nuevaley.cl"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255857/; classtype:trojan-activity;sid:81118957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/smd/"; http_uri; depth:16; isdataat:!1,relative; content:"eco-earthworks.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255856/; classtype:trojan-activity;sid:81118956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes.stop/bfzn/"; http_uri; depth:23; isdataat:!1,relative; content:"www.bienesraicesvictoria.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255854/; classtype:trojan-activity;sid:81118954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jjj.exe"; http_uri; depth:8; isdataat:!1,relative; content:"curly-yoron-0282.sunnyday.jp"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255853/; classtype:trojan-activity;sid:81118953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ups.exe"; http_uri; depth:8; isdataat:!1,relative; content:"curly-yoron-0282.sunnyday.jp"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255851/; classtype:trojan-activity;sid:81118951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scan/en_en/invoice-66361347/"; http_uri; depth:29; isdataat:!1,relative; content:"narty.laserteam.pl"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255849/; classtype:trojan-activity;sid:81118949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gggg.exe"; http_uri; depth:9; isdataat:!1,relative; content:"curly-yoron-0282.sunnyday.jp"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255848/; classtype:trojan-activity;sid:81118948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dsec.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"192.210.180.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255847/; classtype:trojan-activity;sid:81118947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dsec.x86"; http_uri; depth:14; isdataat:!1,relative; content:"192.210.180.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255846/; classtype:trojan-activity;sid:81118946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dsec.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"192.210.180.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255845/; classtype:trojan-activity;sid:81118945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dsec.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"192.210.180.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255844/; classtype:trojan-activity;sid:81118944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dsec.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"192.210.180.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255843/; classtype:trojan-activity;sid:81118943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dsec.arm"; http_uri; depth:14; isdataat:!1,relative; content:"192.210.180.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255841/; classtype:trojan-activity;sid:81118941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dsec.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"192.210.180.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255840/; classtype:trojan-activity;sid:81118940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dsec.mips"; http_uri; depth:15; isdataat:!1,relative; content:"192.210.180.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255838/; classtype:trojan-activity;sid:81118938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dsec.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"192.210.180.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255837/; classtype:trojan-activity;sid:81118937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dsec.spc"; http_uri; depth:14; isdataat:!1,relative; content:"192.210.180.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255836/; classtype:trojan-activity;sid:81118936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dsec.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"192.210.180.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255835/; classtype:trojan-activity;sid:81118935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/angl/x.exe"; http_uri; depth:11; isdataat:!1,relative; content:"lavinch.firewall-gateway.de"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255831/; classtype:trojan-activity;sid:81118931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/avada/includes/admin-screens/2c.jpg"; http_uri; depth:54; isdataat:!1,relative; content:"ivisionhealth.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255830/; classtype:trojan-activity;sid:81118930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/2kn30ouin5i04r4/po442df9bc210ac.xlsbdl=1"; http_uri; depth:43; isdataat:!1,relative; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255829/; classtype:trojan-activity;sid:81118929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/fiysucb/"; http_uri; depth:18; isdataat:!1,relative; content:"netrotaxi.ir"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255828/; classtype:trojan-activity;sid:81118928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/6gffyuln1b-ytvxg8o56h-09/"; http_uri; depth:37; isdataat:!1,relative; content:"alphoreswdc.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255827/; classtype:trojan-activity;sid:81118927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zupksg/1c18zmuh2y-o6m0rpb-87868516/"; http_uri; depth:36; isdataat:!1,relative; content:"todayalbanianews.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255826/; classtype:trojan-activity;sid:81118926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/eoblvquh/"; http_uri; depth:18; isdataat:!1,relative; content:"indobola88.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255825/; classtype:trojan-activity;sid:81118925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/szzymzyx/"; http_uri; depth:21; isdataat:!1,relative; content:"chargelity.pl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255824/; classtype:trojan-activity;sid:81118924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gegy/h2/"; http_uri; depth:9; isdataat:!1,relative; content:"www.echoclassroom.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255823/; classtype:trojan-activity;sid:81118923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/vrys1f3o/"; http_uri; depth:19; isdataat:!1,relative; content:"saismiami.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_20; reference:url, urlhaus.abuse.ch/url/255822/; classtype:trojan-activity;sid:81118922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/z60/"; http_uri; depth:14; isdataat:!1,relative; content:"www.selfdefansakademi.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255821/; classtype:trojan-activity;sid:81118921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/academy/b/"; http_uri; depth:11; isdataat:!1,relative; content:"anjoue.jp"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255820/; classtype:trojan-activity;sid:81118920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wwvv2/humaf5u/"; http_uri; depth:15; isdataat:!1,relative; content:"seorailsy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255819/; classtype:trojan-activity;sid:81118919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/cuzcaixyq/"; http_uri; depth:22; isdataat:!1,relative; content:"gsr.park.edu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255818/; classtype:trojan-activity;sid:81118918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/irn4z/"; http_uri; depth:16; isdataat:!1,relative; content:"btfila.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255816/; classtype:trojan-activity;sid:81118916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/document.exe"; http_uri; depth:13; isdataat:!1,relative; content:"spdtextile.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255815/; classtype:trojan-activity;sid:81118915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/60d0crm2/"; http_uri; depth:29; isdataat:!1,relative; content:"www.quantums.technology"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255814/; classtype:trojan-activity;sid:81118914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin/7zjjeh376351/"; http_uri; depth:25; isdataat:!1,relative; content:"store.aca-apac.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255813/; classtype:trojan-activity;sid:81118913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/comm/moneymakers/css/m53/"; http_uri; depth:26; isdataat:!1,relative; content:"wwwhelper.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255812/; classtype:trojan-activity;sid:81118912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/52xcnq38038/"; http_uri; depth:24; isdataat:!1,relative; content:"www.okaylatest.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255811/; classtype:trojan-activity;sid:81118911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/cb72253/"; http_uri; depth:20; isdataat:!1,relative; content:"ds-stoneroots.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255810/; classtype:trojan-activity;sid:81118910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.spc"; http_uri; depth:14; isdataat:!1,relative; content:"159.89.139.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255809/; classtype:trojan-activity;sid:81118909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"167.71.184.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255808/; classtype:trojan-activity;sid:81118908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"167.71.184.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255807/; classtype:trojan-activity;sid:81118907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.x86"; http_uri; depth:14; isdataat:!1,relative; content:"159.89.139.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255806/; classtype:trojan-activity;sid:81118906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"159.89.139.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255805/; classtype:trojan-activity;sid:81118905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"159.89.139.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255804/; classtype:trojan-activity;sid:81118904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"151.226.2.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255803/; classtype:trojan-activity;sid:81118903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"167.71.184.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255802/; classtype:trojan-activity;sid:81118902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"159.89.139.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255801/; classtype:trojan-activity;sid:81118901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"159.89.139.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255800/; classtype:trojan-activity;sid:81118900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"167.71.184.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255799/; classtype:trojan-activity;sid:81118899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"167.71.184.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255798/; classtype:trojan-activity;sid:81118898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm"; http_uri; depth:14; isdataat:!1,relative; content:"159.89.139.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255797/; classtype:trojan-activity;sid:81118897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"159.89.139.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255796/; classtype:trojan-activity;sid:81118896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"167.71.184.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255795/; classtype:trojan-activity;sid:81118895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; content:"167.71.184.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255794/; classtype:trojan-activity;sid:81118894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3309"; http_uri; depth:5; isdataat:!1,relative; content:"23.247.82.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255793/; classtype:trojan-activity;sid:81118893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"159.89.139.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255791/; classtype:trojan-activity;sid:81118891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"167.71.184.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255790/; classtype:trojan-activity;sid:81118890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"167.71.184.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255789/; classtype:trojan-activity;sid:81118889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"167.71.184.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255788/; classtype:trojan-activity;sid:81118888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"167.71.184.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255787/; classtype:trojan-activity;sid:81118887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"159.89.139.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255786/; classtype:trojan-activity;sid:81118886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mips"; http_uri; depth:15; isdataat:!1,relative; content:"159.89.139.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255785/; classtype:trojan-activity;sid:81118885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/inlzpjm0"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255784/; classtype:trojan-activity;sid:81118884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/pqj6c7ex"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255783/; classtype:trojan-activity;sid:81118883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/preview.exe"; http_uri; depth:12; isdataat:!1,relative; content:"spdtextile.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255782/; classtype:trojan-activity;sid:81118882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/p7nvbwgt"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255781/; classtype:trojan-activity;sid:81118881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/376053989701189642/413452490399416320/injector.exe"; http_uri; depth:63; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255780/; classtype:trojan-activity;sid:81118880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/plugins/content/apismtp/documents/aaaaa.png"; http_uri; depth:44; isdataat:!1,relative; content:"mehmoodtrust.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255779/; classtype:trojan-activity;sid:81118879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dc090991001.zip"; http_uri; depth:16; isdataat:!1,relative; content:"mstr11.s3.us-east-2.amazonaws.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255777/; classtype:trojan-activity;sid:81118877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ng5m/"; http_uri; depth:15; isdataat:!1,relative; content:"zekisincarproduction.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255776/; classtype:trojan-activity;sid:81118876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yedek/6zezxya/"; http_uri; depth:15; isdataat:!1,relative; content:"tasvillalar.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255775/; classtype:trojan-activity;sid:81118875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/hzsi3ft/"; http_uri; depth:18; isdataat:!1,relative; content:"sunriseeds.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255774/; classtype:trojan-activity;sid:81118874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/kh8/"; http_uri; depth:17; isdataat:!1,relative; content:"abedtravels.co.uk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255773/; classtype:trojan-activity;sid:81118873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ep78/"; http_uri; depth:15; isdataat:!1,relative; content:"sdsdesserts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255771/; classtype:trojan-activity;sid:81118871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dc93099910.zip"; http_uri; depth:15; isdataat:!1,relative; content:"awsx11.s3.us-east-2.amazonaws.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255770/; classtype:trojan-activity;sid:81118870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.exe"; http_uri; depth:13; isdataat:!1,relative; content:"fk.0xbdairolkoie.space"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255767/; classtype:trojan-activity;sid:81118867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1z6nyyssjdvv94idlqk6vglcxsaslcycp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255766/; classtype:trojan-activity;sid:81118866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rpkmk-c7bu6b9piletbne31h2tmgyyht|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255765/; classtype:trojan-activity;sid:81118865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=12c_bwtto7frwzmqcux0uaom_acgkoo5p|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255764/; classtype:trojan-activity;sid:81118864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dch-joupv6ehcpsmopgujpy6xwpodire|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255763/; classtype:trojan-activity;sid:81118863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1odjsye7ioh_x4_j4t3ztoeciebm_yub6|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255762/; classtype:trojan-activity;sid:81118862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kxzaqvtqbhoe5vr31u4d3q6hk_sg3vai|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255761/; classtype:trojan-activity;sid:81118861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1lcnqvrswrcgvgfrpbhi6kttzeifign59|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255760/; classtype:trojan-activity;sid:81118860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1jn_quskxjvopb29xsbqqg9sw4blkebhj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255759/; classtype:trojan-activity;sid:81118859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=18jfuuucnbghrcjwnbbowfb5eqrifxlp1|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255758/; classtype:trojan-activity;sid:81118858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=13b3zamnibon3ytmsbaizc-dhbfmbfzgb|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255757/; classtype:trojan-activity;sid:81118857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1f9v_hgz9np3vk7mcvx5cv7rltdp9vvbp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255756/; classtype:trojan-activity;sid:81118856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1_l6y2wq6bx5o20gzgjipymlrypmxup91|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255755/; classtype:trojan-activity;sid:81118855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1lu8eobdaqmukwme4dnzbxzj3vjfjdmld|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255754/; classtype:trojan-activity;sid:81118854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1t7o8iwumgnyi7tucjif1qcpvtcp-cv6k|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255753/; classtype:trojan-activity;sid:81118853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1upq-c3nhg_fywl6phvrigwhzuapbp8qn|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255752/; classtype:trojan-activity;sid:81118852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1iydohvrdqeiu3cpwn9le54_l39r7ag_g|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255751/; classtype:trojan-activity;sid:81118851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1jjtky2ljs2vu3pdamaqof4racn_9atbg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255750/; classtype:trojan-activity;sid:81118850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1o2hxyusbdik5flwef-y3-bfodbokwsq_|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255749/; classtype:trojan-activity;sid:81118849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1_gqsm5jtyomqnlutehidnbtzeqb_m7pj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255748/; classtype:trojan-activity;sid:81118848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1nmf-gziid--zz44rnrrjntr6huv1kanp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255747/; classtype:trojan-activity;sid:81118847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hid0enco1ygcce6qdb9yx5jnspcknfhv|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255746/; classtype:trojan-activity;sid:81118846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vdaetiufot5sa9iyi0nxtn_3ycuzkjhy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255745/; classtype:trojan-activity;sid:81118845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1yfyrxfa_en6pnrcccnapocpxmsflhj4n|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255744/; classtype:trojan-activity;sid:81118844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=10thi8zzrokyfjlhanx3_v2cbyc2fi2ly|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255743/; classtype:trojan-activity;sid:81118843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1l_wqvtoccrc8n1csbpefma4gpj63tfeo|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255742/; classtype:trojan-activity;sid:81118842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1riri8uyalz-mwppxgrykidrezxcemvlp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255741/; classtype:trojan-activity;sid:81118841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=16pulvzfdzaxzq4rqlgvew1viipk2coqf|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255740/; classtype:trojan-activity;sid:81118840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hyvaewmk_31nkkcdlm92e6gnfyiemu6d|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255739/; classtype:trojan-activity;sid:81118839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1o3uiprzv4xmwkrvz_q6tylaflolhsclx|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255738/; classtype:trojan-activity;sid:81118838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1omq-dbe1fs8oijtqat4nd_iz-tv_b4l0|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255737/; classtype:trojan-activity;sid:81118837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1umu0tfw4nuq8obj8ju4gmijfrg-mqe9l|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255736/; classtype:trojan-activity;sid:81118836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wqo4narxo3q7mzvba2ev-uvkqsolq-gl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255735/; classtype:trojan-activity;sid:81118835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ivy4jmpyygfzql1qjeklqsrneinftqop|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255734/; classtype:trojan-activity;sid:81118834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=19h-cbfakpwgmx53o9uvyb7lymvwngp7u|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255733/; classtype:trojan-activity;sid:81118833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1j9max69yf4detpxcbzikro4wupqbsxno|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255732/; classtype:trojan-activity;sid:81118832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=11zhef1svjips8swtlexvir5ezow2ggwm|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255731/; classtype:trojan-activity;sid:81118831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1muy0lj1qv57fzrq4ohprtvusksrxqyq7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255730/; classtype:trojan-activity;sid:81118830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1henhnuaarjbzi3lvjsnb0i4e8c33zeze|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255729/; classtype:trojan-activity;sid:81118829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1diwm6lc-iawejh_qafiltrm76dpwuh6f|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255728/; classtype:trojan-activity;sid:81118828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1idg7t_cbc-1azkwlv8cm1jgcrcwey8ek|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255727/; classtype:trojan-activity;sid:81118827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1c2pv7vj5s55_povucrklsq6twip5auys|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255726/; classtype:trojan-activity;sid:81118826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ojtyz4knsrifhdwbhgceqx_fztin4qya|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255725/; classtype:trojan-activity;sid:81118825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mkko7dx3mhktlefut2zrlyxohhqzrw-k|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255724/; classtype:trojan-activity;sid:81118824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1auv-_ftv6hywxyhfji_wot-rswo64zs9|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255723/; classtype:trojan-activity;sid:81118823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gsnscyxpnup1ssxbz9rpkgamnqfdcylw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255722/; classtype:trojan-activity;sid:81118822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ets7nqdgcby-htcag5ri5bljlxcgmpw3|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255721/; classtype:trojan-activity;sid:81118821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1q8djm2wk3gbuw1xxtgxfslyksynexh6-|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255720/; classtype:trojan-activity;sid:81118820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ovay9f7yt61zckaqttsfo1w7xjc6_fxl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255719/; classtype:trojan-activity;sid:81118819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dgiaqa77uteog14u5hcd-km7rge8bqsz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255718/; classtype:trojan-activity;sid:81118818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1cxhldnqc9tn5sbfdxafxnkzjovrhekzp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255717/; classtype:trojan-activity;sid:81118817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1n3d2cechbcldldmdyzhhqm1bfl3j1l8p|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255716/; classtype:trojan-activity;sid:81118816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1b4flblkxdmsj14jm45lwbmwgyfqanufi|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255715/; classtype:trojan-activity;sid:81118815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ixg3ekmsqdablf6_4l87zeliy6kzdyc3|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255714/; classtype:trojan-activity;sid:81118814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1b1p1mm1zwpxeselmzdlzuifz3dkqwjsg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255713/; classtype:trojan-activity;sid:81118813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hxcl7ezlm959cnbrclzsa8tu5txph7p2|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255712/; classtype:trojan-activity;sid:81118812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xhwogu8iz4ikxxzorfogcqvyyialmctc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255711/; classtype:trojan-activity;sid:81118811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dsmqvf4t2l5yop6qk1zbpagbjlpf10ry|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255710/; classtype:trojan-activity;sid:81118810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=10_4qdtkauy63j55makwcb3rclq9r581r|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255709/; classtype:trojan-activity;sid:81118809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1iqumjkozhvttd5_ajeqlfbt4mls_3ils|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255708/; classtype:trojan-activity;sid:81118808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1u_zgcq82ufmyuakx8mxaryvjoctrduxx|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255707/; classtype:trojan-activity;sid:81118807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1e8eokh-j7cob8bglpglfbr6kqkruhyhj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255706/; classtype:trojan-activity;sid:81118806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1glvgnil-arlhs1pylm-dei5qvhta9msn|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255705/; classtype:trojan-activity;sid:81118805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=15m3sconnbcomaertregkc4jw0awc6v2u|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255704/; classtype:trojan-activity;sid:81118804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1obku3coicxj7wjk0o58svg7srm29xhel|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255703/; classtype:trojan-activity;sid:81118803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14ykfii0su6ark2qkthupbe8rnpzolex5|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255702/; classtype:trojan-activity;sid:81118802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1zex5vlbv036-jwwd2nbpqwzqawnob7pq|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255701/; classtype:trojan-activity;sid:81118801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1y9r4hp2p2nyzd2otmki1jgg2q3hy7j_m|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255700/; classtype:trojan-activity;sid:81118800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1erx2zszx00bxcep7m1fevqxzek8xebyp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255699/; classtype:trojan-activity;sid:81118799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1uxl5bkhvusfdxhazwj7mxxsd6mwogpmr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255698/; classtype:trojan-activity;sid:81118798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=16v3kdslrdaunxfuakomzaws2dvfanz78|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255697/; classtype:trojan-activity;sid:81118797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1i7qboxupjiefopyfk-xpigh2i3xdzffa|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255696/; classtype:trojan-activity;sid:81118796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=15emlvwkf0c3o_snnnezzdyychqmizhmv|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255695/; classtype:trojan-activity;sid:81118795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1v7c5y9anlxk9kjtuvwxtnwmge9jk3god|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255694/; classtype:trojan-activity;sid:81118794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1l1hmbwwcjf_nwur_dh--ybmk-zgum4z3|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255693/; classtype:trojan-activity;sid:81118793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gpq0xktnes4ncvs_orp_qg-2kzqojkgr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255692/; classtype:trojan-activity;sid:81118792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bxn9epzxvk8bmccjy3u1ukxabwuhssxd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255691/; classtype:trojan-activity;sid:81118791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1z88pdrc3kubzjtjdndsucwzczwsrv3nu|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255690/; classtype:trojan-activity;sid:81118790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1z1difx8uur7ev9cbg596ct2vqooujtki|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255689/; classtype:trojan-activity;sid:81118789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1qrwsxm_bvvuajbmix05fix6mfdbxgrk0|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255688/; classtype:trojan-activity;sid:81118788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1az12x5lmk_s8yw39bx-fk_4zyofh7qd6|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255687/; classtype:trojan-activity;sid:81118787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1jepqu9ha1kbzmsgkmusmnqvoy2cy8dvg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255686/; classtype:trojan-activity;sid:81118786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1sq17z2jnvkye-6jv5tovzwdrlll1qsts|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255685/; classtype:trojan-activity;sid:81118785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1sgqdg87dm7ckyscgjnpbglpskr5uxqpy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255684/; classtype:trojan-activity;sid:81118784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1cxrfdjxnuwwjzixez9igcfrznpf6vyep|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255683/; classtype:trojan-activity;sid:81118783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1o-ahxypoayrj-gzb0lpvm6t0zsnyr2mi|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255682/; classtype:trojan-activity;sid:81118782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vgw3uuqjyqriydqzzecvldlxcrus_tjr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255681/; classtype:trojan-activity;sid:81118781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1lka6kukhdcusyrrlg-p8hn9-kfpmrdtc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255680/; classtype:trojan-activity;sid:81118780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rm1j-dltphsbo7l0pkw4pfjhtmytyxk6|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255679/; classtype:trojan-activity;sid:81118779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=15n8hbqjabd6cua8ovtznddwygihkbrdk|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255678/; classtype:trojan-activity;sid:81118778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mhbywwav4_zxzrgs6qoe9hrkebklpyt8|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255677/; classtype:trojan-activity;sid:81118777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1lqpqp56kbkohqlfkdhuk5_0gqhpq-y3c|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255676/; classtype:trojan-activity;sid:81118776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1otohgc91iyedwkucjy02zcsgju0wx7m5|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255675/; classtype:trojan-activity;sid:81118775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=15d3zivtaqhu0pesg-q6m4f7xnuiu8miq|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255674/; classtype:trojan-activity;sid:81118774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wco1khxjnbfmrhtpnigwyddnjxbfdkuc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255673/; classtype:trojan-activity;sid:81118773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1avpaawmyqlwg5uhz4f-1ewzlegm6zlkt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255672/; classtype:trojan-activity;sid:81118772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ezrnr_orqrluwocpvdxhdztfbv8t5dai|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255671/; classtype:trojan-activity;sid:81118771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1owvm3clkewberuxooyrrcebdrxjnxojh|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255670/; classtype:trojan-activity;sid:81118770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1p1x3u7lcas7gdrngpu3xftyhy-x85n7u|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255669/; classtype:trojan-activity;sid:81118769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1znqokorj6jvyxp2mfywfygv0lrhlzcv_|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255668/; classtype:trojan-activity;sid:81118768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gowtzqccll1ivtuxcjq1phkoc4nunawf|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255667/; classtype:trojan-activity;sid:81118767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wryijj1an_hopdibccng4zecms39oy9t|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255666/; classtype:trojan-activity;sid:81118766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1yujfe4r8zawftrz-u7ociula4s5vom7j|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255665/; classtype:trojan-activity;sid:81118765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14oytgzva8ek9rbnpc9ulzizsp38smrrb|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255664/; classtype:trojan-activity;sid:81118764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1cu_2w3nccsh-ufxh9ihie16e3zbq_ewb|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255663/; classtype:trojan-activity;sid:81118763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1fpl6v-c9t3spopzkcrlijqwby4wgnfoj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255662/; classtype:trojan-activity;sid:81118762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1thnfm9bmmnvgv23nvpirtrwbex3thwqm|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255661/; classtype:trojan-activity;sid:81118761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vzkana_4wx4ygvl6esqp6zhertqr4quk|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255660/; classtype:trojan-activity;sid:81118760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=12wvzf1qmhgfb_1rlkvpw43o1ctfhbzmu|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255659/; classtype:trojan-activity;sid:81118759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vd0ve28utssrxyfw8nytpucpfrzelhss|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255658/; classtype:trojan-activity;sid:81118758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1r1vgjpnca5mgrc-e8wuqbbacat6g9oiv|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255657/; classtype:trojan-activity;sid:81118757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1b-8noyxnviqebqbd7z0b33oogyquzy4o|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255656/; classtype:trojan-activity;sid:81118756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1yy-degytrhwd7dqpqtbufqhf_6tmcenw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255655/; classtype:trojan-activity;sid:81118755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1qcev5_a7mrylmaxd1lpwqo-ubz14logw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255654/; classtype:trojan-activity;sid:81118754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wwntj6usy8an5vuyor37bj0jtv6afnht|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255653/; classtype:trojan-activity;sid:81118753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1obajdxmjt14egwwtgwqt_sp7spxbdygh|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255652/; classtype:trojan-activity;sid:81118752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wc6nitb5rnaocxsq7xvrtmkdc4tdvqty|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255651/; classtype:trojan-activity;sid:81118751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gdmk0fpdru_czihecsfw2ghghwmzzf1i|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255650/; classtype:trojan-activity;sid:81118750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=19jelswel64tbpk3-rdu1di4i9ynlq4op|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255649/; classtype:trojan-activity;sid:81118749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=110jjvf6l5jvhliv0ujvayw6e3htvuuji|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255648/; classtype:trojan-activity;sid:81118748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ac7f6ipgdwmuowes5fs8_rwvxyst7hhn|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255647/; classtype:trojan-activity;sid:81118747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=159j0aimjhdj1ztx496yxloshlmuvddof|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255646/; classtype:trojan-activity;sid:81118746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gjv-zy4mhgitdoz73mmz9of0otxvu8fp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255645/; classtype:trojan-activity;sid:81118745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rtshn5_hxa2xjsws2ce6lwktwwenmsaf|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255644/; classtype:trojan-activity;sid:81118744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1jwdfb_xasb4wvtjbwxtcwwkljuy9emcq|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255643/; classtype:trojan-activity;sid:81118743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ewbbpvhi_cx5vgablrixrkrhw7fuxy3d|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255642/; classtype:trojan-activity;sid:81118742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=12vlxxk3xgdq5x0brstkm7n-kozf9dsu2|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255641/; classtype:trojan-activity;sid:81118741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1tfoyjtlb9joa0gzb_eekqbj2xo5kvnni|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255640/; classtype:trojan-activity;sid:81118740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=18ni4e-cexjrxmqwv-iwjvlcddzml8dg5|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255639/; classtype:trojan-activity;sid:81118739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1py6wsjdyv5vko3lzp0ovsmkczkslmtb2|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255638/; classtype:trojan-activity;sid:81118738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mlzy7hpdxg__tltjjwnuyalfge7bhdrl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255637/; classtype:trojan-activity;sid:81118737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=19gi7qwur8drh-rli7ay8-cqyf34k8u2o|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255636/; classtype:trojan-activity;sid:81118736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xmjf085le8zoim96vgolaanklgqy7oe5|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255635/; classtype:trojan-activity;sid:81118735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1m0m6acadqgexzk_t8m6eieglcsnmhuae|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255634/; classtype:trojan-activity;sid:81118734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1jxbr8uob_uuo34bue45czyi91nasszvn|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255633/; classtype:trojan-activity;sid:81118733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1313yuq_dxoykqylgvnsmtnrk30zw9oip|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255632/; classtype:trojan-activity;sid:81118732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1qqh0-f-m7qeondkjw4tzduluzmodtcyc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255631/; classtype:trojan-activity;sid:81118731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1oiw-bbh-hwrw37ljyp3fqlk00anhypdv|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255630/; classtype:trojan-activity;sid:81118730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1pnh5bl9pumyydda4yfb1setshtq-h4ma|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255629/; classtype:trojan-activity;sid:81118729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1o4tiuryqs1cuz2emj352wos4gdldxkk1|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255628/; classtype:trojan-activity;sid:81118728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=16zyhk7mrcfjpswef43aua_zzomp1nsww|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255627/; classtype:trojan-activity;sid:81118727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wqxsmuf2fpchyb9besiottdpm5s201kw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255626/; classtype:trojan-activity;sid:81118726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1q-y8qsfoqljg-mu5zj4ilr39p3yq_8ex|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255625/; classtype:trojan-activity;sid:81118725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1flw53gaueose6zs5g0kx1bzxnou7u-ck|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255624/; classtype:trojan-activity;sid:81118724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1aecfxxuw1pysvicmtemur40fqqbwdcga|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255623/; classtype:trojan-activity;sid:81118723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bmy6veqdsle9xxz5ya0ahquixgssepj4|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255622/; classtype:trojan-activity;sid:81118722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dhunotrek_nxxyi4oaltzcs3lh2shcwo|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255621/; classtype:trojan-activity;sid:81118721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rar0hskvr7dyxyc4xbxjpyx9j6fsfh7k|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255620/; classtype:trojan-activity;sid:81118720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mymkgbptodpxylkhnveeutobw0bnl_9s|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255619/; classtype:trojan-activity;sid:81118719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1t8pay6kmk5hwbj3r-kaimjviivywzni0|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255618/; classtype:trojan-activity;sid:81118718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xdgo_hki0pjakmto1inhfd78brjewgjd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255617/; classtype:trojan-activity;sid:81118717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rprtnke0lqfkrtxawhfihzvy7_qwi3-m|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255616/; classtype:trojan-activity;sid:81118716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=114ghvfqppqlyyxyvvyq--umwwxv0fk0p|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255615/; classtype:trojan-activity;sid:81118715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1khzbugmw5fts1tfmkospofrcs6zkvjnp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255614/; classtype:trojan-activity;sid:81118714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1yjb7fd93pjbvzvlgsql-lexcg3wd_zgu|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255613/; classtype:trojan-activity;sid:81118713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rdtsvsizzyckxzn0doas7yuy3gwudf1b|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255612/; classtype:trojan-activity;sid:81118712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1fxslym_kobicrncrhmeemf564d7ub22c|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255611/; classtype:trojan-activity;sid:81118711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dztkrc5m33hkrha-j9aj7f_ch1gomnud|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255610/; classtype:trojan-activity;sid:81118710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kumdcojaokys7wria5bw1gprll8rqgto|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255609/; classtype:trojan-activity;sid:81118709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1yec4gzwqpgp3wedmmatwdf82qqj8j0e2|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255608/; classtype:trojan-activity;sid:81118708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=168yi5fvej5oefdat9v3tctxwkifondlt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255607/; classtype:trojan-activity;sid:81118707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hswsvltkb-340omraybghfw1zccpgyfh|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255606/; classtype:trojan-activity;sid:81118706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-el42w6csfq8ygqyj6cqbyfpdjli3clr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255605/; classtype:trojan-activity;sid:81118705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1zupsrs_77hmm_qufr55i0n7pggnbwwpr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255604/; classtype:trojan-activity;sid:81118704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1nwc6v4_jrxdwo9vli2zvcf9e1f1ma-aq|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255603/; classtype:trojan-activity;sid:81118703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1e2x62jiycqvwdjulrmw7orww_xriuhme|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255602/; classtype:trojan-activity;sid:81118702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=15k0tf3bfcmcszrszs62ovayh8we01qix|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255601/; classtype:trojan-activity;sid:81118701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xjshhlv0n2gw58wuil9vxi3isqh0k8nw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255600/; classtype:trojan-activity;sid:81118700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vbqxigxwh2mtucqntcbirru4un7gjxj8|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255599/; classtype:trojan-activity;sid:81118699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1_gucukdeypsf0xwjss9kle3lapprrbdv|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255598/; classtype:trojan-activity;sid:81118698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ru_5qmfspkbi-0sqbmgyruefacsrayr3|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255597/; classtype:trojan-activity;sid:81118697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1exhtv2ve2hlzloxa52yeck33pufyojwd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255596/; classtype:trojan-activity;sid:81118696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1edeslt9hoco_nxs7-gd1zy_iutxdufpj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255595/; classtype:trojan-activity;sid:81118695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ceefsp7h_mfcfs4__sprq_z4ylvqrrkt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255594/; classtype:trojan-activity;sid:81118694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1_ihamsge5pyd_qdqktrhv3pjpyun8sme|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255593/; classtype:trojan-activity;sid:81118693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gaurukomz2mfnfy-4efypes2jkrkvzba|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255592/; classtype:trojan-activity;sid:81118692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=13h8hvnppe8aafrby9wzakso2tbb2szdb|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255591/; classtype:trojan-activity;sid:81118691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vjhlvgyecwyjxswyi9eikuqocmtcs4iz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255590/; classtype:trojan-activity;sid:81118690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=19jjtm1tzq8cbg10ampmpcoehy7ijmcna|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255589/; classtype:trojan-activity;sid:81118689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1salqen1lqxagtuunvbsvm3ztkwjqmbdd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255588/; classtype:trojan-activity;sid:81118688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1pdjyvcklfqhtj-wfu7t2y-aabnr_tyjy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255587/; classtype:trojan-activity;sid:81118687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1atv9g2091cwr4nzgatpiccbkauj1d05z|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255586/; classtype:trojan-activity;sid:81118686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xj1euapjx2m7sa6hl5j9es6czk5oal_t|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255585/; classtype:trojan-activity;sid:81118685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1uh6rmkzj1azc7pus9e0xacp0vzrbvygq|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255584/; classtype:trojan-activity;sid:81118684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14gsyo76sz3t2551nugwusiiczbbdw_lt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255583/; classtype:trojan-activity;sid:81118683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ujhokvtzl2eft9ltezblididb1u0ha94|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255582/; classtype:trojan-activity;sid:81118682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1eosi8ktsvrsv7cylq9ga5qbbvee2g3wt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255581/; classtype:trojan-activity;sid:81118681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dbenn_nkndgzuhauaqifqkrv6nobm5c6|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255580/; classtype:trojan-activity;sid:81118680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1jdvzrxtaf7pwkuu6kyc9kygs-j0ymsfj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255579/; classtype:trojan-activity;sid:81118679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1patpjhhmhpl8flobejqdespiupfxpsbm|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255578/; classtype:trojan-activity;sid:81118678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1tsrugmwyhsnapmdegfhwgehqogqkqucp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255577/; classtype:trojan-activity;sid:81118677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1abtry2sj4osce7uqw5nqkrzrdtlr3rhs|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255576/; classtype:trojan-activity;sid:81118676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=12iydrgjktzm3vhyhqo16l42h9yr7qmme|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255575/; classtype:trojan-activity;sid:81118675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ardsu1p93-iuyglwznnswqy3rn-fqvyw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255574/; classtype:trojan-activity;sid:81118674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1n44aendd-qkuup_pofoswusulvqfz4tp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255573/; classtype:trojan-activity;sid:81118673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1iockypsf5c43keznbqoyojfcfpiznwaz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255572/; classtype:trojan-activity;sid:81118672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-cxhhtx2hcogfvmrx7eiea050bimlidy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255571/; classtype:trojan-activity;sid:81118671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1nox566zbx1rjpiivgg9mhiuhm4ccgpg9|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255570/; classtype:trojan-activity;sid:81118670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1z6yn3r6eyad7-s8ioybc3wj973wl1yak|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255569/; classtype:trojan-activity;sid:81118669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gl6d0chtaaechr3fnki1ensev81tzc66|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255568/; classtype:trojan-activity;sid:81118668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1v1jafpglafq8nr47baahfmxkftxq3g03|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255567/; classtype:trojan-activity;sid:81118667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ulughyi_iaix5djlc-uo_vv670p-e5wf|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255566/; classtype:trojan-activity;sid:81118666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1pl3xnqdnsi6ocunuik4nm3ieue5iy8r2|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255565/; classtype:trojan-activity;sid:81118665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1528kpdfv3i_vb4qsznwral7dq_nac3px|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255564/; classtype:trojan-activity;sid:81118664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1inmdzobughqjisngithyow8twnyejzmn|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255563/; classtype:trojan-activity;sid:81118663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wppxmf6tz2xkpl4sf_owpjc3yf50yidl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255562/; classtype:trojan-activity;sid:81118662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-v6qa3dav99hdc17w78fdoeynynogdey|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255561/; classtype:trojan-activity;sid:81118661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1cfm5uste_kezqnevflt4ga8ewsujkm8z|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255560/; classtype:trojan-activity;sid:81118660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1x_9td2nmbpzl2rp8rgqg7psnle0wjcqs|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255559/; classtype:trojan-activity;sid:81118659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1pcuf0mznz9a8wgafma8blooabjtxd7oz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255558/; classtype:trojan-activity;sid:81118658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kbujnlvidlheew02ugrmokihajoswrji|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255557/; classtype:trojan-activity;sid:81118657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=19jaahgzu5xspvcmfjvv2ufroxpzbv0hg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255556/; classtype:trojan-activity;sid:81118656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1cihxibjsg4w-fwki5j47kcp0b_qqi3iu|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255555/; classtype:trojan-activity;sid:81118655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=152yfhcukfhtqmatiid_doppcdhl5gwo_|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255554/; classtype:trojan-activity;sid:81118654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xbrytgaarcdir2jyzjmaoceruoi8vu2d|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255553/; classtype:trojan-activity;sid:81118653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ycn8ldiavxuvqbesid0ocx1e-cz7jbpa|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255552/; classtype:trojan-activity;sid:81118652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1qq33oxth6bdkxyddg15pw6wtqd-aewoj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255551/; classtype:trojan-activity;sid:81118651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1jaduyelxzaxex0hzsaul3vknnan9joyy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255550/; classtype:trojan-activity;sid:81118650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1eoxthrakjtbqf8htklhqfsc6s47teb41|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255549/; classtype:trojan-activity;sid:81118649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1aeff1oh08rrwmmmywjvyhls1mrhsprkz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255548/; classtype:trojan-activity;sid:81118648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ke2_kv7yiirzo66urxjxg4w2cstfmaw0|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255547/; classtype:trojan-activity;sid:81118647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dalzv_fio_sbqdnnefie8acapmnvtbu2|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255546/; classtype:trojan-activity;sid:81118646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=18gxjem1btilednqrhbsmng5ahx65x3y_|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255545/; classtype:trojan-activity;sid:81118645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1shobzqxj98zsetp_rqntyahasorq1otn|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255544/; classtype:trojan-activity;sid:81118644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vy-vbafu57yq4dhv2r79hxlubwruob27|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255543/; classtype:trojan-activity;sid:81118643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1y-8dt8mm1ebzd7d13tohsmgmz8i4wqh5|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255542/; classtype:trojan-activity;sid:81118642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1eujc-ntbsgxrwpeuimaymttpo1slnj3p|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255541/; classtype:trojan-activity;sid:81118641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vjtdnyzvmsatgx6ykqykp2d7clmbvk6u|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255540/; classtype:trojan-activity;sid:81118640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hjj8dfuyovlqjrznodrpzai46xi-srw7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255539/; classtype:trojan-activity;sid:81118639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1romsmm6w4m7s28r1orqmsdbncskhpbqo|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255538/; classtype:trojan-activity;sid:81118638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kngklcmlonzt1frxbdqk7elz59gx_t1t|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255537/; classtype:trojan-activity;sid:81118637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1lzpkrodjj1evvowzupic0mi9ae-7rc3q|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255536/; classtype:trojan-activity;sid:81118636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gibss5y_lmax8mk5xutnbs1nqju84nfr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255535/; classtype:trojan-activity;sid:81118635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mtrw29qsbkdmihwmfzfifrgqsw8rw29-|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255534/; classtype:trojan-activity;sid:81118634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1homrpdnkklyvwj2qmihbofk9bnfosu8h|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255533/; classtype:trojan-activity;sid:81118633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=16yjsbyg09gvqpmqej634cxofydd5z7je|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255532/; classtype:trojan-activity;sid:81118632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=13ibzop0b2pag1-a6mm1vjczlpvoewinu|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255531/; classtype:trojan-activity;sid:81118631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=11fn3rlgbrsacf4uwfayxlhg-m4gakcbd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255530/; classtype:trojan-activity;sid:81118630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hdsyf8nsmc-vd7jaxa3tq598bghqpncq|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255529/; classtype:trojan-activity;sid:81118629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wssfi7vzpvbkfus-1igrfd8bgldezxlq|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255528/; classtype:trojan-activity;sid:81118628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rrs37sy0zjsznkoe2tpciw-j9yhowii6|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255527/; classtype:trojan-activity;sid:81118627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1tdyb3hg7ovtsnrcdpqm_aizkrqwyw8jb|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255526/; classtype:trojan-activity;sid:81118626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hjxgwa1z08eycsbhshl7uc9vkstjwzna|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255525/; classtype:trojan-activity;sid:81118625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/yfcr4a-5han84a-782471953/"; http_uri; depth:37; isdataat:!1,relative; content:"www.akiba-anime.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255524/; classtype:trojan-activity;sid:81118624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/p8cxe-wfm-13227/"; http_uri; depth:25; isdataat:!1,relative; content:"bmti.com.np"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255523/; classtype:trojan-activity;sid:81118623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/8jyyr-gc8tgzxey-143/"; http_uri; depth:32; isdataat:!1,relative; content:"www.cakra.co.id"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255522/; classtype:trojan-activity;sid:81118622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/k093dz-14o6-2785/"; http_uri; depth:26; isdataat:!1,relative; content:"agrotradecom.az"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255521/; classtype:trojan-activity;sid:81118621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4f3n7-q6hwjmp-2516240481/"; http_uri; depth:26; isdataat:!1,relative; content:"megafeedbd.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255520/; classtype:trojan-activity;sid:81118620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/s308bq67/"; http_uri; depth:18; isdataat:!1,relative; content:"jobgreben2.store"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255519/; classtype:trojan-activity;sid:81118619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/xtc67oa524/"; http_uri; depth:23; isdataat:!1,relative; content:"pricecutautosales.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255518/; classtype:trojan-activity;sid:81118618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/5w1353/"; http_uri; depth:19; isdataat:!1,relative; content:"agratama.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255517/; classtype:trojan-activity;sid:81118617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/hjwd1my2/"; http_uri; depth:22; isdataat:!1,relative; content:"wilkopaintinc.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255516/; classtype:trojan-activity;sid:81118616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/hyivc90685/"; http_uri; depth:23; isdataat:!1,relative; content:"jahidulpro.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255514/; classtype:trojan-activity;sid:81118614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lov/vbc.exe"; http_uri; depth:12; isdataat:!1,relative; content:"lavinch.firewall-gateway.de"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255513/; classtype:trojan-activity;sid:81118613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/annvdpyx"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255512/; classtype:trojan-activity;sid:81118612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/jay/cjayeeeeee.exe"; http_uri; depth:28; isdataat:!1,relative; content:"www.gasperiniermanno.altervista.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255510/; classtype:trojan-activity;sid:81118610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pred777amx.exe"; http_uri; depth:15; isdataat:!1,relative; content:"nadvexmail19mn.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255509/; classtype:trojan-activity;sid:81118609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dan777.exe"; http_uri; depth:11; isdataat:!1,relative; content:"nadvexmail19mn.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255507/; classtype:trojan-activity;sid:81118607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/atx555mx.exe"; http_uri; depth:13; isdataat:!1,relative; content:"45.147.229.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255505/; classtype:trojan-activity;sid:81118605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/puchase%20order.exe"; http_uri; depth:20; isdataat:!1,relative; content:"curly-yoron-0282.sunnyday.jp"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255504/; classtype:trojan-activity;sid:81118604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lov/svchost.exe"; http_uri; depth:16; isdataat:!1,relative; content:"lavinch.firewall-gateway.de"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255503/; classtype:trojan-activity;sid:81118603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; content:"zefleks.rs"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255502/; classtype:trojan-activity;sid:81118602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/22"; http_uri; depth:3; isdataat:!1,relative; content:"zefleks.rs"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255501/; classtype:trojan-activity;sid:81118601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; content:"zefleks.rs"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255500/; classtype:trojan-activity;sid:81118600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; content:"yudiartawan.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255499/; classtype:trojan-activity;sid:81118599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; content:"velisnackindonesia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255498/; classtype:trojan-activity;sid:81118598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; content:"tuisumi.info"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255497/; classtype:trojan-activity;sid:81118597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; content:"osesama.jp"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255496/; classtype:trojan-activity;sid:81118596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; content:"okpiramos.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255495/; classtype:trojan-activity;sid:81118595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/22"; http_uri; depth:3; isdataat:!1,relative; content:"okpiramos.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255494/; classtype:trojan-activity;sid:81118594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; content:"okpiramos.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255493/; classtype:trojan-activity;sid:81118593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; content:"leaguedealer.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255492/; classtype:trojan-activity;sid:81118592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/22"; http_uri; depth:3; isdataat:!1,relative; content:"leaguedealer.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255491/; classtype:trojan-activity;sid:81118591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; content:"leaguedealer.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255490/; classtype:trojan-activity;sid:81118590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; content:"kidsstudio.store"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255489/; classtype:trojan-activity;sid:81118589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; content:"gigantic-friends.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255488/; classtype:trojan-activity;sid:81118588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/22"; http_uri; depth:3; isdataat:!1,relative; content:"gigantic-friends.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255487/; classtype:trojan-activity;sid:81118587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; content:"gigantic-friends.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255486/; classtype:trojan-activity;sid:81118586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; content:"7godzapparal.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255485/; classtype:trojan-activity;sid:81118585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/22"; http_uri; depth:3; isdataat:!1,relative; content:"7godzapparal.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255484/; classtype:trojan-activity;sid:81118584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; content:"7godzapparal.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255483/; classtype:trojan-activity;sid:81118583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/docsnew/89.zip"; http_uri; depth:15; isdataat:!1,relative; content:"global.lakurcala.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255482/; classtype:trojan-activity;sid:81118582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/406373358582890496/610135895655448587/hyu.exe"; http_uri; depth:58; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255481/; classtype:trojan-activity;sid:81118581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/newnik.exe"; http_uri; depth:11; isdataat:!1,relative; content:"curly-yoron-0282.sunnyday.jp"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255480/; classtype:trojan-activity;sid:81118580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/21458745124784512478.exe"; http_uri; depth:25; isdataat:!1,relative; content:"185.244.213.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255479/; classtype:trojan-activity;sid:81118579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tesa/tl12/"; http_uri; depth:11; isdataat:!1,relative; content:"cwizza.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255478/; classtype:trojan-activity;sid:81118578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bk7u7s/befstco4770/"; http_uri; depth:20; isdataat:!1,relative; content:"xehyundai-bacviet.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255477/; classtype:trojan-activity;sid:81118577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/cmtvk264/"; http_uri; depth:19; isdataat:!1,relative; content:"imagedecor.info"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255476/; classtype:trojan-activity;sid:81118576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/06v6/"; http_uri; depth:17; isdataat:!1,relative; content:"savetax.idfcmf.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255475/; classtype:trojan-activity;sid:81118575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uh9wkn80/"; http_uri; depth:21; isdataat:!1,relative; content:"sbtextiles.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255474/; classtype:trojan-activity;sid:81118574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/vb1v/"; http_uri; depth:17; isdataat:!1,relative; content:"kwiaciarniastokrotka.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255473/; classtype:trojan-activity;sid:81118573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ytbdknin/"; http_uri; depth:22; isdataat:!1,relative; content:"www.juzhaituan.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255472/; classtype:trojan-activity;sid:81118572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/jm1/"; http_uri; depth:14; isdataat:!1,relative; content:"uaeessay.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255471/; classtype:trojan-activity;sid:81118571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/nq8ho8/"; http_uri; depth:17; isdataat:!1,relative; content:"szwalnia.budniq.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255470/; classtype:trojan-activity;sid:81118570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jet1/gbtvinh/"; http_uri; depth:14; isdataat:!1,relative; content:"vida-bd.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255468/; classtype:trojan-activity;sid:81118568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hvnfpnas"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255467/; classtype:trojan-activity;sid:81118567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cqx9kkbb"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255466/; classtype:trojan-activity;sid:81118566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/afj3yqci"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255465/; classtype:trojan-activity;sid:81118565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gfdwhahe"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255464/; classtype:trojan-activity;sid:81118564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/u2d4frdt"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255463/; classtype:trojan-activity;sid:81118563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/amnubdub"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255462/; classtype:trojan-activity;sid:81118562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a|3b|chmod+777+mozi.a|3b|/tmp/mozi.a+jaws"; http_uri; depth:47; isdataat:!1,relative; content:"182.116.36.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255461/; classtype:trojan-activity;sid:81118561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/26019001.jpg"; http_uri; depth:15; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255460/; classtype:trojan-activity;sid:81118560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/gsoqiu5wxyy2lyp.jpg"; http_uri; depth:22; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255459/; classtype:trojan-activity;sid:81118559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; content:"45.95.168.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255458/; classtype:trojan-activity;sid:81118558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"45.95.168.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255457/; classtype:trojan-activity;sid:81118557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"45.95.168.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255456/; classtype:trojan-activity;sid:81118556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"45.95.168.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255455/; classtype:trojan-activity;sid:81118555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"45.95.168.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255454/; classtype:trojan-activity;sid:81118554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"45.95.168.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255453/; classtype:trojan-activity;sid:81118553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"45.95.168.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255452/; classtype:trojan-activity;sid:81118552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"45.95.168.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255451/; classtype:trojan-activity;sid:81118551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"45.95.168.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255450/; classtype:trojan-activity;sid:81118550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"45.95.168.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255449/; classtype:trojan-activity;sid:81118549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"45.95.168.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255448/; classtype:trojan-activity;sid:81118548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/21"; http_uri; depth:3; isdataat:!1,relative; content:"23.247.82.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255447/; classtype:trojan-activity;sid:81118547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downs/optrintaetreis11.doc"; http_uri; depth:27; isdataat:!1,relative; content:"www.spanishbullfighters.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255446/; classtype:trojan-activity;sid:81118546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downs/optrintaedois.doc"; http_uri; depth:24; isdataat:!1,relative; content:"www.spanishbullfighters.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255445/; classtype:trojan-activity;sid:81118545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downs/optrintaequatro.doc"; http_uri; depth:26; isdataat:!1,relative; content:"www.spanishbullfighters.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255444/; classtype:trojan-activity;sid:81118544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downs/optrintaeseis.doc"; http_uri; depth:24; isdataat:!1,relative; content:"www.spanishbullfighters.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255443/; classtype:trojan-activity;sid:81118543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mort/win32.exe"; http_uri; depth:15; isdataat:!1,relative; content:"lavinch.firewall-gateway.de"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255442/; classtype:trojan-activity;sid:81118542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/nedu/neduuuuu.exe"; http_uri; depth:27; isdataat:!1,relative; content:"www.gasperiniermanno.altervista.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255441/; classtype:trojan-activity;sid:81118541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y4mcnj7vfgd0xlm8ufwhrngzexzyvmg5qvfsxlx9xv2w_ti2tpj3mc-cuvaf96ys01io334xjncp4klezf4np9rqlhymmzelmrmiylgrzlm1eddx9sjjoyeoasc4m5msw5hsczvrragkxovjbg7sxcutvpl4_-kbskjbc3ti0m355jobugoa0a78sed_oitke6h9g3jbi2spwua34haem2wjg/purchase%20order%20no.b9195.exedownload|26|psid=1"; http_uri; depth:268; isdataat:!1,relative; content:"08ohrq.ch.files.1drv.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255440/; classtype:trojan-activity;sid:81118540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/down.phptruemimetype=1|26|i=nwqvvggh"; http_uri; depth:37; isdataat:!1,relative; content:"fv9-2.failiem.lv"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255439/; classtype:trojan-activity;sid:81118539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/msc_qq.scr"; http_uri; depth:11; isdataat:!1,relative; content:"bugansavings.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255438/; classtype:trojan-activity;sid:81118538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/socks111atx.exe"; http_uri; depth:16; isdataat:!1,relative; content:"nadvexmail19mn.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255437/; classtype:trojan-activity;sid:81118537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/css/dist/list-reusable-blocks/apremitrad2ban_pdf.jar"; http_uri; depth:65; isdataat:!1,relative; content:"pro-luft.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255436/; classtype:trojan-activity;sid:81118536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"111.43.223.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255435/; classtype:trojan-activity;sid:81118535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/5890112.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255434/; classtype:trojan-activity;sid:81118534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/svxfbthbrbsfvfr.jpg"; http_uri; depth:22; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255433/; classtype:trojan-activity;sid:81118533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/quo87.jpg"; http_uri; depth:12; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255432/; classtype:trojan-activity;sid:81118532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/dj8sl33.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255431/; classtype:trojan-activity;sid:81118531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/97801005.jpg"; http_uri; depth:15; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255430/; classtype:trojan-activity;sid:81118530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/campaign1/lighteningmediaplayer.exe"; http_uri; depth:36; isdataat:!1,relative; content:"lighteningplayer.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255429/; classtype:trojan-activity;sid:81118529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/toja/tojacry.exe"; http_uri; depth:26; isdataat:!1,relative; content:"www.gasperiniermanno.altervista.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255428/; classtype:trojan-activity;sid:81118528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/5xuxjnys1-kxdklnhk-604360900/"; http_uri; depth:41; isdataat:!1,relative; content:"sw.usc.edu.tw"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255427/; classtype:trojan-activity;sid:81118527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/e6u-8i7o-9741/"; http_uri; depth:22; isdataat:!1,relative; content:"consortiumgardois.eu"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255426/; classtype:trojan-activity;sid:81118526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/notiwek3j/tlkmefo/"; http_uri; depth:19; isdataat:!1,relative; content:"inovatplus.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255425/; classtype:trojan-activity;sid:81118525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/notiwek3j/ixweffkps/"; http_uri; depth:21; isdataat:!1,relative; content:"edhec.business-angels.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255424/; classtype:trojan-activity;sid:81118524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/rzsadoaq/"; http_uri; depth:21; isdataat:!1,relative; content:"mountzionsnellville.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255423/; classtype:trojan-activity;sid:81118523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fileccew10.exe"; http_uri; depth:15; isdataat:!1,relative; content:"egreetcards942.servehttp.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255422/; classtype:trojan-activity;sid:81118522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/8erfvp15823/"; http_uri; depth:21; isdataat:!1,relative; content:"www.benimeli-motor.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255421/; classtype:trojan-activity;sid:81118521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/29k1x95316/"; http_uri; depth:21; isdataat:!1,relative; content:"thegioicafe.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255420/; classtype:trojan-activity;sid:81118520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/67/"; http_uri; depth:13; isdataat:!1,relative; content:"schluesselnotdienst-koeln.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255419/; classtype:trojan-activity;sid:81118519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/6s6v12/"; http_uri; depth:20; isdataat:!1,relative; content:"www.tentransportes.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255418/; classtype:trojan-activity;sid:81118518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/g7p08692/"; http_uri; depth:17; isdataat:!1,relative; content:"howalshafikings.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255417/; classtype:trojan-activity;sid:81118517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/9td018/"; http_uri; depth:20; isdataat:!1,relative; content:"bimland.info"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255416/; classtype:trojan-activity;sid:81118516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/plugins/s3x0tf80/"; http_uri; depth:18; isdataat:!1,relative; content:"hemoshop.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255415/; classtype:trojan-activity;sid:81118515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hkxmpto/855btec8620/"; http_uri; depth:21; isdataat:!1,relative; content:"omaharefugees.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255414/; classtype:trojan-activity;sid:81118514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/9nzim5743939/"; http_uri; depth:23; isdataat:!1,relative; content:"www.carthage-industries.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255413/; classtype:trojan-activity;sid:81118513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/638884751054340122/645807915902435367/quotation_for_rfq_560001626_vs.gz"; http_uri; depth:84; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255412/; classtype:trojan-activity;sid:81118512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/bfdebdo7ur/"; http_uri; depth:23; isdataat:!1,relative; content:"downloadhanumanchalisa.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255411/; classtype:trojan-activity;sid:81118511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/xrzwr/"; http_uri; depth:16; isdataat:!1,relative; content:"transahara-hub-services.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255410/; classtype:trojan-activity;sid:81118510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/glcqg7ws52ckkbrv6nrlfgb0mdvj8cmm.png"; http_uri; depth:37; isdataat:!1,relative; content:"i.fluffy.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255409/; classtype:trojan-activity;sid:81118509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"58.114.245.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255408/; classtype:trojan-activity;sid:81118508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/system1/nmhirmsg1cqcslp.exe"; http_uri; depth:28; isdataat:!1,relative; content:"codework.business24crm.io"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255407/; classtype:trojan-activity;sid:81118507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/system1/zjsnmw23lr9wmap.exe"; http_uri; depth:28; isdataat:!1,relative; content:"codework.business24crm.io"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255406/; classtype:trojan-activity;sid:81118506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iykeman.exe"; http_uri; depth:12; isdataat:!1,relative; content:"curly-yoron-0282.sunnyday.jp"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255405/; classtype:trojan-activity;sid:81118505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/system1/tpk83jkgwkqfkpb.exe"; http_uri; depth:28; isdataat:!1,relative; content:"codework.business24crm.io"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255403/; classtype:trojan-activity;sid:81118503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blessing.exe"; http_uri; depth:13; isdataat:!1,relative; content:"curly-yoron-0282.sunnyday.jp"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255401/; classtype:trojan-activity;sid:81118501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/toja/tojacry.exe"; http_uri; depth:26; isdataat:!1,relative; content:"gasperiniermanno.altervista.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255400/; classtype:trojan-activity;sid:81118500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/811002.jpg"; http_uri; depth:13; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255399/; classtype:trojan-activity;sid:81118499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/putty.jpg"; http_uri; depth:12; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255398/; classtype:trojan-activity;sid:81118498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/8910036.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255397/; classtype:trojan-activity;sid:81118497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/3320478.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255396/; classtype:trojan-activity;sid:81118496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/974500.jpg"; http_uri; depth:13; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255395/; classtype:trojan-activity;sid:81118495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/campaign1/lighteningmediaplayer.exe"; http_uri; depth:36; isdataat:!1,relative; content:"lighteningmedialabs.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255394/; classtype:trojan-activity;sid:81118494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pqlsj/bt/"; http_uri; depth:10; isdataat:!1,relative; content:"blog.1heure1coach.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255393/; classtype:trojan-activity;sid:81118493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/71b73uxhf/"; http_uri; depth:22; isdataat:!1,relative; content:"www.maryhappygo.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255392/; classtype:trojan-activity;sid:81118492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/y3fgjn7v/"; http_uri; depth:19; isdataat:!1,relative; content:"luantao.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255391/; classtype:trojan-activity;sid:81118491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/temp/7wyd8/"; http_uri; depth:12; isdataat:!1,relative; content:"balsagarelectrical.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255390/; classtype:trojan-activity;sid:81118490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/installl/8lusl7esj/"; http_uri; depth:20; isdataat:!1,relative; content:"cornerstonefloorcarefrederick.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255388/; classtype:trojan-activity;sid:81118488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dhl%20awb.exe"; http_uri; depth:14; isdataat:!1,relative; content:"curly-yoron-0282.sunnyday.jp"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255387/; classtype:trojan-activity;sid:81118487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"186.34.4.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255386/; classtype:trojan-activity;sid:81118486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gift.exe"; http_uri; depth:9; isdataat:!1,relative; content:"naturdoctor.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255385/; classtype:trojan-activity;sid:81118485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/psdfhjksdf.exe"; http_uri; depth:15; isdataat:!1,relative; content:"cbvgdf.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255384/; classtype:trojan-activity;sid:81118484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nsdjfhkgsdhj.exe"; http_uri; depth:17; isdataat:!1,relative; content:"cbvgdf.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255383/; classtype:trojan-activity;sid:81118483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paghfjug43.php"; http_uri; depth:15; isdataat:!1,relative; content:"pizzaonenj.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255382/; classtype:trojan-activity;sid:81118482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wpimages/wp-images/cam.msi"; http_uri; depth:27; isdataat:!1,relative; content:"nexttravel.ge"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255381/; classtype:trojan-activity;sid:81118481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wpimages/wp-images/pok.msi"; http_uri; depth:27; isdataat:!1,relative; content:"nexttravel.ge"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255380/; classtype:trojan-activity;sid:81118480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wpimages/wp-images/scan.msi"; http_uri; depth:28; isdataat:!1,relative; content:"nexttravel.ge"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255379/; classtype:trojan-activity;sid:81118479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ejczbojtj=218646"; http_uri; depth:17; isdataat:!1,relative; content:"thefork.info"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255378/; classtype:trojan-activity;sid:81118478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nwyuwsr=6499"; http_uri; depth:13; isdataat:!1,relative; content:"hivechannel3.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255377/; classtype:trojan-activity;sid:81118477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/glvvlhhfw=15530"; http_uri; depth:16; isdataat:!1,relative; content:"myegy.club"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255375/; classtype:trojan-activity;sid:81118475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/system1/tgccnngzzbpqkm8.exe"; http_uri; depth:28; isdataat:!1,relative; content:"codework.business24crm.io"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255374/; classtype:trojan-activity;sid:81118474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/update_11cr6.exe"; http_uri; depth:17; isdataat:!1,relative; content:"db1.cryptocom.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255373/; classtype:trojan-activity;sid:81118473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yxfk/setup.exe"; http_uri; depth:15; isdataat:!1,relative; content:"217.73.62.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255372/; classtype:trojan-activity;sid:81118472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nvgw/1a.exe"; http_uri; depth:12; isdataat:!1,relative; content:"217.73.62.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255371/; classtype:trojan-activity;sid:81118471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nvgw/p9.exe"; http_uri; depth:12; isdataat:!1,relative; content:"217.73.62.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255370/; classtype:trojan-activity;sid:81118470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/v1/auth_b486b5abfb004540a296ddee1b744f78/22141977/gte18363.zip"; http_uri; depth:63; isdataat:!1,relative; content:"storage.bhs5.cloud.ovh.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255369/; classtype:trojan-activity;sid:81118469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nvgw/1d.exe"; http_uri; depth:12; isdataat:!1,relative; content:"217.73.62.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255368/; classtype:trojan-activity;sid:81118468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nvgw/x2.exe"; http_uri; depth:12; isdataat:!1,relative; content:"217.73.62.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255367/; classtype:trojan-activity;sid:81118467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jun/joj.exe"; http_uri; depth:12; isdataat:!1,relative; content:"white-hita-3339.but.jp"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255366/; classtype:trojan-activity;sid:81118466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/eu/1.exe"; http_uri; depth:14; isdataat:!1,relative; content:"snupdate2.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255365/; classtype:trojan-activity;sid:81118465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/21"; http_uri; depth:3; isdataat:!1,relative; content:"185.191.229.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255364/; classtype:trojan-activity;sid:81118464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hqlw/taslhosts.exe"; http_uri; depth:19; isdataat:!1,relative; content:"217.73.62.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255363/; classtype:trojan-activity;sid:81118463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eupanda.exe"; http_uri; depth:12; isdataat:!1,relative; content:"snupdate1.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255362/; classtype:trojan-activity;sid:81118462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/stuff/dff.exe"; http_uri; depth:14; isdataat:!1,relative; content:"claudioclemente.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255361/; classtype:trojan-activity;sid:81118461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nvgw/3a.exe"; http_uri; depth:12; isdataat:!1,relative; content:"217.73.62.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255360/; classtype:trojan-activity;sid:81118460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hqlw/file.exe"; http_uri; depth:14; isdataat:!1,relative; content:"217.73.62.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255359/; classtype:trojan-activity;sid:81118459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hqlw/van.exe"; http_uri; depth:13; isdataat:!1,relative; content:"217.73.62.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255358/; classtype:trojan-activity;sid:81118458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/643536609689468968/645952392566800404/emailling_swift_copy_mt103.zip"; http_uri; depth:81; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255357/; classtype:trojan-activity;sid:81118457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/608942875857649675/609828759776002077/dddd.exe"; http_uri; depth:59; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255356/; classtype:trojan-activity;sid:81118456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aeq"; http_uri; depth:4; isdataat:!1,relative; content:"8ez.com"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255355/; classtype:trojan-activity;sid:81118455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/api/v1/download/file.json/nznfmtuymje5otdfinline=0"; http_uri; depth:51; isdataat:!1,relative; content:"web.opendrive.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255354/; classtype:trojan-activity;sid:81118454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/609744786190237708/609746992372908056/flood.pl"; http_uri; depth:59; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255353/; classtype:trojan-activity;sid:81118453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/609451207882178581/609710702235746325/13337.exe"; http_uri; depth:60; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255352/; classtype:trojan-activity;sid:81118452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/tkev18737/"; http_uri; depth:19; isdataat:!1,relative; content:"elytspaincom.ipage.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255351/; classtype:trojan-activity;sid:81118451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ankit/o7l96d9249/"; http_uri; depth:18; isdataat:!1,relative; content:"mbsinfosolution.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255350/; classtype:trojan-activity;sid:81118450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/1v62/"; http_uri; depth:15; isdataat:!1,relative; content:"wpmutest.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255349/; classtype:trojan-activity;sid:81118449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/33eb5/45c4284/"; http_uri; depth:15; isdataat:!1,relative; content:"yogeshwaranphotography.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255348/; classtype:trojan-activity;sid:81118448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/3w783/"; http_uri; depth:18; isdataat:!1,relative; content:"www.professionelelit.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255347/; classtype:trojan-activity;sid:81118447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jppost.apk"; http_uri; depth:11; isdataat:!1,relative; content:"sagawa-opo.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255346/; classtype:trojan-activity;sid:81118446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jppost.apk"; http_uri; depth:11; isdataat:!1,relative; content:"sagawa-ete.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255345/; classtype:trojan-activity;sid:81118445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jppost.apk"; http_uri; depth:11; isdataat:!1,relative; content:"sagawa-esu.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255344/; classtype:trojan-activity;sid:81118444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jppost.apk"; http_uri; depth:11; isdataat:!1,relative; content:"sagawa-esi.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255343/; classtype:trojan-activity;sid:81118443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jppost.apk"; http_uri; depth:11; isdataat:!1,relative; content:"sagawa-eki.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255342/; classtype:trojan-activity;sid:81118442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zuucb4ar"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255341/; classtype:trojan-activity;sid:81118441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/03ltbdsn"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255340/; classtype:trojan-activity;sid:81118440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; content:"157.230.32.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255339/; classtype:trojan-activity;sid:81118439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"157.230.32.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255338/; classtype:trojan-activity;sid:81118438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"157.230.32.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255337/; classtype:trojan-activity;sid:81118437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"157.230.32.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255336/; classtype:trojan-activity;sid:81118436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"157.230.32.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255335/; classtype:trojan-activity;sid:81118435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"157.230.32.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255334/; classtype:trojan-activity;sid:81118434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"157.230.32.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255333/; classtype:trojan-activity;sid:81118433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"157.230.32.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255332/; classtype:trojan-activity;sid:81118432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"157.230.32.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255331/; classtype:trojan-activity;sid:81118431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"157.230.32.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255330/; classtype:trojan-activity;sid:81118430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"157.230.32.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255329/; classtype:trojan-activity;sid:81118429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/595492404279377951/595492423841611836/dwm.exe"; http_uri; depth:58; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255328/; classtype:trojan-activity;sid:81118428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/supp.php"; http_uri; depth:9; isdataat:!1,relative; content:"potamus-press.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255327/; classtype:trojan-activity;sid:81118427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/4rfacw4n"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255326/; classtype:trojan-activity;sid:81118426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/g0ie0cpk"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255325/; classtype:trojan-activity;sid:81118425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/billisolo/billi.exe"; http_uri; depth:20; isdataat:!1,relative; content:"dubem.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255324/; classtype:trojan-activity;sid:81118424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gwmvaipm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255323/; classtype:trojan-activity;sid:81118423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/y5zfuhjy"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255322/; classtype:trojan-activity;sid:81118422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mq3ah3vh"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255321/; classtype:trojan-activity;sid:81118421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kgr3zps7"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255320/; classtype:trojan-activity;sid:81118420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/644350090311368705/645872071162986496/assigin_document.img"; http_uri; depth:71; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255319/; classtype:trojan-activity;sid:81118419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/485025436229697536/608719309761675285/geforce_experince.exe"; http_uri; depth:72; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255318/; classtype:trojan-activity;sid:81118418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qhfe/scan00001.exe"; http_uri; depth:19; isdataat:!1,relative; content:"217.73.62.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255317/; classtype:trojan-activity;sid:81118417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hqlw/taslhost.exe"; http_uri; depth:18; isdataat:!1,relative; content:"217.73.62.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255316/; classtype:trojan-activity;sid:81118416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"155.138.224.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255314/; classtype:trojan-activity;sid:81118414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/possiblenaything.jpg"; http_uri; depth:23; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255313/; classtype:trojan-activity;sid:81118413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"155.138.224.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255312/; classtype:trojan-activity;sid:81118412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"155.138.224.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255311/; classtype:trojan-activity;sid:81118411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/7801320.exe"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255310/; classtype:trojan-activity;sid:81118410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/123069.jpg"; http_uri; depth:13; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255308/; classtype:trojan-activity;sid:81118408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/560023017.exe"; http_uri; depth:16; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255307/; classtype:trojan-activity;sid:81118407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"155.138.224.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255306/; classtype:trojan-activity;sid:81118406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"155.138.224.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255304/; classtype:trojan-activity;sid:81118404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; content:"155.138.224.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255303/; classtype:trojan-activity;sid:81118403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; content:"155.138.224.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255302/; classtype:trojan-activity;sid:81118402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"155.138.224.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255301/; classtype:trojan-activity;sid:81118401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; content:"155.138.224.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255300/; classtype:trojan-activity;sid:81118400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"155.138.224.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255299/; classtype:trojan-activity;sid:81118399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"155.138.224.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255298/; classtype:trojan-activity;sid:81118398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/agent_140020000.exe"; http_uri; depth:20; isdataat:!1,relative; content:"agent-14.s3.us-east-2.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255296/; classtype:trojan-activity;sid:81118396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/yukx8/"; http_uri; depth:18; isdataat:!1,relative; content:"bellespianoclass.com.sg"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255295/; classtype:trojan-activity;sid:81118395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ayz/vub6vr6p/"; http_uri; depth:14; isdataat:!1,relative; content:"sofizay.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255294/; classtype:trojan-activity;sid:81118394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/360/5lnowj/"; http_uri; depth:12; isdataat:!1,relative; content:"demo.voolatech.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255293/; classtype:trojan-activity;sid:81118393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/hb9/"; http_uri; depth:17; isdataat:!1,relative; content:"www.prettyangelsbaptism.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255292/; classtype:trojan-activity;sid:81118392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/32hx/tpe/"; http_uri; depth:10; isdataat:!1,relative; content:"www.cevizmedia.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255291/; classtype:trojan-activity;sid:81118391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/software/lockdownutilityv10.exe"; http_uri; depth:32; isdataat:!1,relative; content:"drivers.cybertill.co.uk"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255289/; classtype:trojan-activity;sid:81118389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/34100.exe"; http_uri; depth:12; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255288/; classtype:trojan-activity;sid:81118388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255287/; classtype:trojan-activity;sid:81118387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255286/; classtype:trojan-activity;sid:81118386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255285/; classtype:trojan-activity;sid:81118385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255284/; classtype:trojan-activity;sid:81118384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255283/; classtype:trojan-activity;sid:81118383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255282/; classtype:trojan-activity;sid:81118382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255281/; classtype:trojan-activity;sid:81118381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255280/; classtype:trojan-activity;sid:81118380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255279/; classtype:trojan-activity;sid:81118379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255278/; classtype:trojan-activity;sid:81118378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255277/; classtype:trojan-activity;sid:81118377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255276/; classtype:trojan-activity;sid:81118376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ibwmhepdi/"; http_uri; depth:20; isdataat:!1,relative; content:"67373.vip"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255275/; classtype:trojan-activity;sid:81118375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/06ogog-00oos2b97-193/"; http_uri; depth:27; isdataat:!1,relative; content:"umainc.in"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255274/; classtype:trojan-activity;sid:81118374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/notiwek3j/3rjo15-5ga-771630607/"; http_uri; depth:32; isdataat:!1,relative; content:"conquistaeseducao.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255273/; classtype:trojan-activity;sid:81118373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/xrewohy/"; http_uri; depth:18; isdataat:!1,relative; content:"uegenesaret.000webhostapp.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255272/; classtype:trojan-activity;sid:81118372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/kapjwkjb/"; http_uri; depth:19; isdataat:!1,relative; content:"www.keyscourt.co.uk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255271/; classtype:trojan-activity;sid:81118371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"82.80.176.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255269/; classtype:trojan-activity;sid:81118369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/5gk9falv-n1tv6srj-93/"; http_uri; depth:31; isdataat:!1,relative; content:"laptoptable.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255268/; classtype:trojan-activity;sid:81118368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/e224eyt-puc5mq-7528675/"; http_uri; depth:36; isdataat:!1,relative; content:"westcomb.co"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255267/; classtype:trojan-activity;sid:81118367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sqzspkqgg/"; http_uri; depth:23; isdataat:!1,relative; content:"www.herlash.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255266/; classtype:trojan-activity;sid:81118366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/all-in-one-wp-migration/storage/kj5rs-5zfv-5657961695/"; http_uri; depth:74; isdataat:!1,relative; content:"www.littlestarmedia.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255265/; classtype:trojan-activity;sid:81118365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/notiwek3j/qhlqde/"; http_uri; depth:18; isdataat:!1,relative; content:"sacev.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255264/; classtype:trojan-activity;sid:81118364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; content:"onedrive-live-en.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255263/; classtype:trojan-activity;sid:81118363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fqnote_1141.exe"; http_uri; depth:16; isdataat:!1,relative; content:"down.allthelive.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255262/; classtype:trojan-activity;sid:81118362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/steam/ren001.exe"; http_uri; depth:17; isdataat:!1,relative; content:"down.1919wan.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255260/; classtype:trojan-activity;sid:81118360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; content:"dl1.onedrive-live-en.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_19; reference:url, urlhaus.abuse.ch/url/255259/; classtype:trojan-activity;sid:81118359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"109.104.197.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255257/; classtype:trojan-activity;sid:81118357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/duccrzucb/"; http_uri; depth:23; isdataat:!1,relative; content:"www.nextgentechnologybd.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255256/; classtype:trojan-activity;sid:81118356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/html/f6laj5z/"; http_uri; depth:14; isdataat:!1,relative; content:"carrentalwebsite.biz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255255/; classtype:trojan-activity;sid:81118355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/cbn86j/"; http_uri; depth:17; isdataat:!1,relative; content:"doxaonline.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255254/; classtype:trojan-activity;sid:81118354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/stats/f6t/"; http_uri; depth:11; isdataat:!1,relative; content:"lashlabplus.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255253/; classtype:trojan-activity;sid:81118353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/notiwek3j/hqsubx1m4v/"; http_uri; depth:22; isdataat:!1,relative; content:"suprcoolsupplies.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255252/; classtype:trojan-activity;sid:81118352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/aspw8fak2zxagkeqn7anfxfrxp9ykc8qpba4ulmy_r-cukbr4xu8rqec0olq1uj_w0pltprseeoi_ogi2eyswcqi4jgp_byhl_ad6mtnhhciwub3-qkm8t6pl1k8qwnqzja/filedl=1"; http_uri; depth:150; isdataat:!1,relative; content:"uc0895e20f9ae4cc93630b07485c.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255250/; classtype:trojan-activity;sid:81118350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/b5zg7ypci51gwv3/po%20gmchf00006990.docdl=1"; http_uri; depth:45; isdataat:!1,relative; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255249/; classtype:trojan-activity;sid:81118349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/coming-soon/zka04522/"; http_uri; depth:41; isdataat:!1,relative; content:"marginatea.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255248/; classtype:trojan-activity;sid:81118348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/myargoscard-online.co.uk/rkjef44427/"; http_uri; depth:37; isdataat:!1,relative; content:"ethecal.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255247/; classtype:trojan-activity;sid:81118347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/9rbngj0166/"; http_uri; depth:23; isdataat:!1,relative; content:"vibrastudio.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255246/; classtype:trojan-activity;sid:81118346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/qqo9mv7622/"; http_uri; depth:23; isdataat:!1,relative; content:"albertmarashistudio.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255245/; classtype:trojan-activity;sid:81118345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/14v9677/"; http_uri; depth:18; isdataat:!1,relative; content:"thesageforce.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255244/; classtype:trojan-activity;sid:81118344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fqnote_1145.exe"; http_uri; depth:16; isdataat:!1,relative; content:"down.allthelive.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255243/; classtype:trojan-activity;sid:81118343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lavin/vbc.exe"; http_uri; depth:14; isdataat:!1,relative; content:"lavinch.firewall-gateway.de"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255242/; classtype:trojan-activity;sid:81118342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/181119uiehswfg.jpg"; http_uri; depth:19; isdataat:!1,relative; content:"107.172.39.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255240/; classtype:trojan-activity;sid:81118340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/ddtss.hta"; http_uri; depth:12; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255239/; classtype:trojan-activity;sid:81118339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/mounts.png"; http_uri; depth:18; isdataat:!1,relative; content:"66.55.71.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255238/; classtype:trojan-activity;sid:81118338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/fedraw.png"; http_uri; depth:18; isdataat:!1,relative; content:"66.55.71.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255237/; classtype:trojan-activity;sid:81118337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/lotcus.png"; http_uri; depth:18; isdataat:!1,relative; content:"66.55.71.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255236/; classtype:trojan-activity;sid:81118336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/643502441517809705/644796623884648448/tracking_number_9867645.jar"; http_uri; depth:78; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255235/; classtype:trojan-activity;sid:81118335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ang/svch.exe"; http_uri; depth:13; isdataat:!1,relative; content:"lavinch.firewall-gateway.de"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255234/; classtype:trojan-activity;sid:81118334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.x86"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.250.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255233/; classtype:trojan-activity;sid:81118333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.250.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255232/; classtype:trojan-activity;sid:81118332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.250.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255231/; classtype:trojan-activity;sid:81118331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.250.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255230/; classtype:trojan-activity;sid:81118330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.250.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255229/; classtype:trojan-activity;sid:81118329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.spc"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.250.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255228/; classtype:trojan-activity;sid:81118328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.arm"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.250.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255227/; classtype:trojan-activity;sid:81118327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.250.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255226/; classtype:trojan-activity;sid:81118326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.250.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255225/; classtype:trojan-activity;sid:81118325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.250.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255224/; classtype:trojan-activity;sid:81118324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.mips"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.250.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255223/; classtype:trojan-activity;sid:81118323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gunit/news/data/upimages/ad2/"; http_uri; depth:30; isdataat:!1,relative; content:"hiphopgame.ihiphop.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255222/; classtype:trojan-activity;sid:81118322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iuk/e3kwde/"; http_uri; depth:12; isdataat:!1,relative; content:"crosbysmolasses.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255221/; classtype:trojan-activity;sid:81118321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lkg/451jpm/"; http_uri; depth:12; isdataat:!1,relative; content:"www.patrickblay.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255220/; classtype:trojan-activity;sid:81118320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wzcdusx/cache/qla55/"; http_uri; depth:21; isdataat:!1,relative; content:"globalip.murgitroyd.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255219/; classtype:trojan-activity;sid:81118319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/agentseo/wp-content/uploads/40/"; http_uri; depth:32; isdataat:!1,relative; content:"agent-seo.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255218/; classtype:trojan-activity;sid:81118318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ang/vbc.exe"; http_uri; depth:12; isdataat:!1,relative; content:"lavinch.firewall-gateway.de"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255217/; classtype:trojan-activity;sid:81118317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aceparis.exe"; http_uri; depth:13; isdataat:!1,relative; content:"efore.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255216/; classtype:trojan-activity;sid:81118316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/up.jpg"; http_uri; depth:7; isdataat:!1,relative; content:"laboratorioaja.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255215/; classtype:trojan-activity;sid:81118315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/toneyshelby/77yduyu/master/masksim.exe"; http_uri; depth:39; isdataat:!1,relative; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255214/; classtype:trojan-activity;sid:81118314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/jkhorgefm/"; http_uri; depth:20; isdataat:!1,relative; content:"vidiyo.me"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255213/; classtype:trojan-activity;sid:81118313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/cmqnqx/"; http_uri; depth:18; isdataat:!1,relative; content:"www.ztqy168.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255212/; classtype:trojan-activity;sid:81118312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/setupconfigo/r2haes8p-ee8luskzee-687994/"; http_uri; depth:41; isdataat:!1,relative; content:"mapa.media"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255211/; classtype:trojan-activity;sid:81118311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/1acdxfc-dcynlki-264/"; http_uri; depth:32; isdataat:!1,relative; content:"igog.net"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255210/; classtype:trojan-activity;sid:81118310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/xcczcv/"; http_uri; depth:19; isdataat:!1,relative; content:"www.reza-khosravi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255209/; classtype:trojan-activity;sid:81118309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmt.exe"; http_uri; depth:8; isdataat:!1,relative; content:"efore.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255208/; classtype:trojan-activity;sid:81118308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/angl/svch.exe"; http_uri; depth:14; isdataat:!1,relative; content:"lavinch.firewall-gateway.de"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255207/; classtype:trojan-activity;sid:81118307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/angl/vbc.exe"; http_uri; depth:13; isdataat:!1,relative; content:"lavinch.firewall-gateway.de"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255206/; classtype:trojan-activity;sid:81118306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"178.128.250.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255205/; classtype:trojan-activity;sid:81118305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"178.128.250.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255204/; classtype:trojan-activity;sid:81118304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"178.128.250.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255203/; classtype:trojan-activity;sid:81118303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"178.128.250.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255202/; classtype:trojan-activity;sid:81118302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"178.128.250.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255201/; classtype:trojan-activity;sid:81118301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/site_backup_dec232012/891718/"; http_uri; depth:30; isdataat:!1,relative; content:"diversitywealth.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255200/; classtype:trojan-activity;sid:81118300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/jp501049/"; http_uri; depth:21; isdataat:!1,relative; content:"jogjatourholiday.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255199/; classtype:trojan-activity;sid:81118299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/h5235/"; http_uri; depth:26; isdataat:!1,relative; content:"www.macexpertguide.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255198/; classtype:trojan-activity;sid:81118298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/jexds9901/"; http_uri; depth:20; isdataat:!1,relative; content:"docs.sunmi.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255197/; classtype:trojan-activity;sid:81118297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/o4ma10117/"; http_uri; depth:20; isdataat:!1,relative; content:"www.itmsas.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255195/; classtype:trojan-activity;sid:81118295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"178.128.250.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255194/; classtype:trojan-activity;sid:81118294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"178.128.250.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255193/; classtype:trojan-activity;sid:81118293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"178.128.250.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255192/; classtype:trojan-activity;sid:81118292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"178.128.250.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255191/; classtype:trojan-activity;sid:81118291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"178.128.250.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255190/; classtype:trojan-activity;sid:81118290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"178.128.250.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255189/; classtype:trojan-activity;sid:81118289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"178.128.250.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255187/; classtype:trojan-activity;sid:81118287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wajgxnyp"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255186/; classtype:trojan-activity;sid:81118286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/civ2q8f/"; http_uri; depth:21; isdataat:!1,relative; content:"www.cuteandroid.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255185/; classtype:trojan-activity;sid:81118285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/9au/"; http_uri; depth:16; isdataat:!1,relative; content:"savewaytech.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255184/; classtype:trojan-activity;sid:81118284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/zn45k0/"; http_uri; depth:20; isdataat:!1,relative; content:"sanbdshungthinh.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255183/; classtype:trojan-activity;sid:81118283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/kqo/"; http_uri; depth:17; isdataat:!1,relative; content:"gronchoestudio.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255182/; classtype:trojan-activity;sid:81118282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/db8b/"; http_uri; depth:17; isdataat:!1,relative; content:"65k2.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255181/; classtype:trojan-activity;sid:81118281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/ddtss.exe"; http_uri; depth:12; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255180/; classtype:trojan-activity;sid:81118280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/1556077.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255179/; classtype:trojan-activity;sid:81118279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/11/remittance_v00005-eft0002alt_pdf.jar"; http_uri; depth:64; isdataat:!1,relative; content:"onlykissme.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255178/; classtype:trojan-activity;sid:81118278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/643600184579850271/643601185462288395/freediscordnitro.exe"; http_uri; depth:71; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255177/; classtype:trojan-activity;sid:81118277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1zvmqj5wrfr-ofslimurxg5uum4liedge|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255176/; classtype:trojan-activity;sid:81118276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1zpo5m3k2fz9kcsvcbbx_1s_336ai2joz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255175/; classtype:trojan-activity;sid:81118275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1zmijvq7xmhednpurxh7-op36doe6meoz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255174/; classtype:trojan-activity;sid:81118274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1z08lcjxsdpmgg8c9vwz-gb-foeabdauc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255173/; classtype:trojan-activity;sid:81118273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1yvfbintdm2-se5ec3_unhkmc8bax1nvw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255172/; classtype:trojan-activity;sid:81118272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1yjgn_ppnwqy9epwb1d2fxtgmxt-f2c-d|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255171/; classtype:trojan-activity;sid:81118271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1yi6qdiqcc6rglsth2sbyk1tooic3xite|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255170/; classtype:trojan-activity;sid:81118270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1yowkabbblqa8cry1cmtn3o9hbkjb7rlw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255169/; classtype:trojan-activity;sid:81118269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ybnf5b0wjumjcc6mf2tvblow4z47lwks|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255168/; classtype:trojan-activity;sid:81118268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1y0cdeofmvzanaornb7qd3uxd8fvlwr_v|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255167/; classtype:trojan-activity;sid:81118267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xrul88gxnifet44zzrkfagzw2al-x7sl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255166/; classtype:trojan-activity;sid:81118266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xm_mromheqxe3h1z2hsvuxplggqxs3wn|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255165/; classtype:trojan-activity;sid:81118265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xl5dgrhqvmdvmcg_pcqgzntgkj9gzovz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255164/; classtype:trojan-activity;sid:81118264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xjemuuvwq-ky1elevnc6cwzioic23qny|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255163/; classtype:trojan-activity;sid:81118263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xkqo_vjdbhqnz2kvsapeb_4zcsl-rf78|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255162/; classtype:trojan-activity;sid:81118262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xcg5k6_zbhod9yrjd7fls6f0kctlyktb|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255161/; classtype:trojan-activity;sid:81118261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1x-3h7_jaq3axyoohnqfy-yeq1lfos1-q|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255160/; classtype:trojan-activity;sid:81118260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wxhvxpjt68phi7ugx75vh_sczzvet57f|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255159/; classtype:trojan-activity;sid:81118259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wpmh46j96h0pzqsgkrnl3-s33cggamof|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255158/; classtype:trojan-activity;sid:81118258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wdcq-vun3jj1k1a_3huevek57ghrizkp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255157/; classtype:trojan-activity;sid:81118257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wzk-5kh0vkgrqzoc6yxx9urkrewetyp_|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255156/; classtype:trojan-activity;sid:81118256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wpka7mfri_awdshyausgrksa8zze06ip|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255155/; classtype:trojan-activity;sid:81118255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1wfcze2jqsouhwohohnvn46c4bnlpzbf3|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255154/; classtype:trojan-activity;sid:81118254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vnyjx5qvnrmpia1yoejtqjkpnxmdc7xd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255153/; classtype:trojan-activity;sid:81118253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ve4_qm_jzxh8j-fp71vjercmwdmy1kx9|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255152/; classtype:trojan-activity;sid:81118252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vvtcuhbbfqa0as4uxkwuw5rsu5rmnmfw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255151/; classtype:trojan-activity;sid:81118251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vsrnmukla2fahvvsxplploerukh6lk_r|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255150/; classtype:trojan-activity;sid:81118250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vedktcperxxkmp4go-ay7oxrlkgjf_wt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255149/; classtype:trojan-activity;sid:81118249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1utsfp_rpaedmr0qf8gztwbnpzkqzjjmw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255148/; classtype:trojan-activity;sid:81118248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1uqbe1sum5zchtfdb7b6leztn4i2ceu8_|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255147/; classtype:trojan-activity;sid:81118247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1uatjs_ho7k-dsk0dk7i2yw-xowp8hnby|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255146/; classtype:trojan-activity;sid:81118246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1uz7zrzxukwi_9f98xmcuypcjkufwxjxp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255145/; classtype:trojan-activity;sid:81118245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1uxypuox39lsd0cx3toy48h5okogzxwq0|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255144/; classtype:trojan-activity;sid:81118244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1trocnzwp9b637xe35jmgxuoe3wju_jmr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255143/; classtype:trojan-activity;sid:81118243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1tdy41khsvwejtv_vplu5rrj4bxksbupm|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255142/; classtype:trojan-activity;sid:81118242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1tipxjwxmiofiyabtueewboqrd4ky6jxe|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255141/; classtype:trojan-activity;sid:81118241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1tfvk3nhzdj_9gm9ijkwtiurbr8o-lps5|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255140/; classtype:trojan-activity;sid:81118240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1t9zhzcvl4_asiofmb0xvi8llm-s6il-q|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255139/; classtype:trojan-activity;sid:81118239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1t7bfbvwii1owbq9tzl_cophbjtysbanu|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255138/; classtype:trojan-activity;sid:81118238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1t6lhsop9sc3zffatwlkedkzaof6tg7eu|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255137/; classtype:trojan-activity;sid:81118237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1t64us9nuocsvxb80jjtzmtbd9ndu6l9g|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255136/; classtype:trojan-activity;sid:81118236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rwl86b6eygemmmz20rcjyllbs58qequo|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255135/; classtype:trojan-activity;sid:81118235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rkbvmyjh-endv7iuby8atg7qjma1_ry_|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255134/; classtype:trojan-activity;sid:81118234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rfqpi7xbrjfo8ccuhivftqjbyanbhwwr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255133/; classtype:trojan-activity;sid:81118233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1r_y9xv1blgka0g6pqjyl961obspvcyb4|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255132/; classtype:trojan-activity;sid:81118232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1t0egs3g9hmqviisvkowkwiyrxqn-r_2x|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255131/; classtype:trojan-activity;sid:81118231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ssusk--opsjiaw9ozjo9onqoktx9757a|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255130/; classtype:trojan-activity;sid:81118230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1smkqxvmmu8arwlcwk0v5jxvkx_l0xkxe|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255129/; classtype:trojan-activity;sid:81118229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1sj5x0ihgtj7pnjt15anp94pwmpbhmdfl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255128/; classtype:trojan-activity;sid:81118228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1sftt-cmx_ycmxpcf4ot_3o3w9esknzhf|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255127/; classtype:trojan-activity;sid:81118227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1sfae-tqe6qsf27mzkdpdo40c6xpau-de|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255126/; classtype:trojan-activity;sid:81118226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1s6upkb2ztetmklcesc2kfi5a_ncdlegs|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255125/; classtype:trojan-activity;sid:81118225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ryea823iv_k8wemcxk4qukvlwwvmtowj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255124/; classtype:trojan-activity;sid:81118224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rxhs2t4cu48tm1otuhxhglexbu1uipww|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255123/; classtype:trojan-activity;sid:81118223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rv-xoqkdune3ps7uvnpicp1hqsqww2pc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255122/; classtype:trojan-activity;sid:81118222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rpddcfeani8msjqx3tcoydrfjajwphjt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255121/; classtype:trojan-activity;sid:81118221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1raj_hgyxjl3gqajgwzlmbef7nd1kzv-x|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255120/; classtype:trojan-activity;sid:81118220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1qaakqmxyqvc00nx6jltt9hpmaqjcspnt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255119/; classtype:trojan-activity;sid:81118219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1q2fdypducy92clh4hqphtq8wcmh442a7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255118/; classtype:trojan-activity;sid:81118218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1phwbjd1fyada-fpmxrrmcedr_5yl4shf|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255117/; classtype:trojan-activity;sid:81118217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1pc8v5kjiflt7n5n-_vpmw5diowbvwv0t|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255116/; classtype:trojan-activity;sid:81118216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1pb8tfhshevcsf2l8uj7puvabnr881jak|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255115/; classtype:trojan-activity;sid:81118215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1parcbob3dwotqwfobzto-0dq0vdzbyzl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255114/; classtype:trojan-activity;sid:81118214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1pxniupjtp_ifdsmtty_trsp7mqiizaa0|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255113/; classtype:trojan-activity;sid:81118213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1psutxpwhjtgu8hf7jvgdhzl5hykw1kmt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255112/; classtype:trojan-activity;sid:81118212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1pjwjpwc4ifert2vdar2wdpd-urou4bxi|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255111/; classtype:trojan-activity;sid:81118211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1panhnywmxujugekt0wjibiglbej5n38l|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255110/; classtype:trojan-activity;sid:81118210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1p65fia1o0tjobkirtaxvxn1ufokhgmd4|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255109/; classtype:trojan-activity;sid:81118209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1p1dkumyvcdtlrmrefghifa1sy5vpuhkh|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255108/; classtype:trojan-activity;sid:81118208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1oiakocsrx9bq24k25bb4kbhothabhxwd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255107/; classtype:trojan-activity;sid:81118207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1oeohazrcbbyqcg861_53kibq4ogdxkxc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255106/; classtype:trojan-activity;sid:81118206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1o7qcgmm6g-gwhw3jbsago3rbxauls72m|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255105/; classtype:trojan-activity;sid:81118205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ntapk31n016s3nomsclty1ppfmvvzmgb|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255104/; classtype:trojan-activity;sid:81118204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1nqcmjmqks9eud-hoxgqubdtwlyh0iltl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255103/; classtype:trojan-activity;sid:81118203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1nrymtl1aqth4u8oo1oua2ukiy-baixtb|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255102/; classtype:trojan-activity;sid:81118202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1n-thn863xenhrsdvdmxm7oaywlpbm5v0|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255101/; classtype:trojan-activity;sid:81118201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mkosqklprloawroycxkxjy_srzqt0yjz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255100/; classtype:trojan-activity;sid:81118200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mh-_azlfmznwlff8armjspmujz4uxod_|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255099/; classtype:trojan-activity;sid:81118199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mgoozjuxg3-l7roodvj30yjujv4_w2rt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255098/; classtype:trojan-activity;sid:81118198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mbggfwdhtuhw-llsslzv3cjvbzw2mbnm|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255097/; classtype:trojan-activity;sid:81118197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mzkh8yfwf4k2nesy5sv5dccqyu69lif7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255096/; classtype:trojan-activity;sid:81118196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mxnoecyb0yvdvowa-b9ts-rjm2h1z_wr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255095/; classtype:trojan-activity;sid:81118195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1m3zpbgsxn9ahyzrg3bgudt1ptkwqwhd_|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255094/; classtype:trojan-activity;sid:81118194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1m-cifhfsbpy3z70-huchz7sqv7vdruvp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255093/; classtype:trojan-activity;sid:81118193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1lfmpmwvu9m8ob8kg6uo-tdrailukbhb3|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255092/; classtype:trojan-activity;sid:81118192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1lqeq0pr7pgbtxwbidl1nnqrgx0e95g2g|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255091/; classtype:trojan-activity;sid:81118191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1loxdm_vnbagocco5ju610_dmm7y7jfop|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255090/; classtype:trojan-activity;sid:81118190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1lfiajqawmvw0gctym_fgazvccodanjzt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255089/; classtype:trojan-activity;sid:81118189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1l8koerzgupxixyt8ns71fkyqyr5prxcb|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255088/; classtype:trojan-activity;sid:81118188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1l5y6nuigh_3fggopl2n2sbe5e7_42ymn|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255087/; classtype:trojan-activity;sid:81118187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kxuwoincu0tpm4p0idefxpn9_frizkyi|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255086/; classtype:trojan-activity;sid:81118186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kn68zx14xmbd5vfqphta-rthcmnonily|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255085/; classtype:trojan-activity;sid:81118185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kjxpwxfczlz-bw0qpejdkfkwmzpxevyh|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255084/; classtype:trojan-activity;sid:81118184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ke3b6rrg1p-jkjdt-elt68miq9iswxri|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255083/; classtype:trojan-activity;sid:81118183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kbyzfdpld_ver2i4jygfbbxsndwohha9|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255082/; classtype:trojan-activity;sid:81118182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kayq0in6bj_z8k8zrunrul_ztysi356g|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255081/; classtype:trojan-activity;sid:81118181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1k7nbjmnfask4lrrdjxgnnhdcnks6pt1w|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255080/; classtype:trojan-activity;sid:81118180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1k43yn_sqjj2ffezbl5qcstu2jpg-ljho|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255079/; classtype:trojan-activity;sid:81118179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1k1-eoqu0cecqtgne7c8wgbfkm4l62frv|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255078/; classtype:trojan-activity;sid:81118178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1k-tcmnbjt4xuyapfvckmwbyrkhhawsqj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255077/; classtype:trojan-activity;sid:81118177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1jsru_gcx6ij6lsxbqjv4hygj-0ngb2q-|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255076/; classtype:trojan-activity;sid:81118176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1jzluyjtmgebrnkfh7zjksxnzlgri8qzg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255075/; classtype:trojan-activity;sid:81118175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1jdvvrbj5r_avwjr0_sttmke_iu7dkz2x|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255074/; classtype:trojan-activity;sid:81118174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ilvzgkq8bzmkankori_fqodsljvlwo2q|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255073/; classtype:trojan-activity;sid:81118173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ifk4yajx-itshnehyzk5hejwjgx2lzvt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255072/; classtype:trojan-activity;sid:81118172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ibwythgiog0gdvezri7swbj8swg8ox6-|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255071/; classtype:trojan-activity;sid:81118171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1i3y2z8oychigtb4gw27mqqkj0knpqoql|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255070/; classtype:trojan-activity;sid:81118170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hpa7mx_j4hksrz4fmwc_lt98hmiohddh|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255069/; classtype:trojan-activity;sid:81118169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1he0fnhleumglzfm8lc6ufo-yumwoka7h|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255068/; classtype:trojan-activity;sid:81118168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1he-o_hlkvnoybdseqdradqswvlocqcbw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255067/; classtype:trojan-activity;sid:81118167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hdwhesqkvcr4xyiaa83rz-lrkbvgqizj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255066/; classtype:trojan-activity;sid:81118166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hddrfxf3u-yl25mk03tdlprj61zkkj1z|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255065/; classtype:trojan-activity;sid:81118165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hnttupwbutvevuovleuks0jlwpjllt60|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255064/; classtype:trojan-activity;sid:81118164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1h9krgombydb1wynnkolmlgkw8hafimv6|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255063/; classtype:trojan-activity;sid:81118163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gyg37bzu8yeo03swxbqhb3piayosq0-v|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255062/; classtype:trojan-activity;sid:81118162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gld94sqcg7rpjoaoicroata5forfk7cd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255061/; classtype:trojan-activity;sid:81118161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1glk8ofpal1fks8tantmlxxha7almdnbr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255060/; classtype:trojan-activity;sid:81118160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gfc9klryupoexi1ddvl05vflnonvqwwl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255059/; classtype:trojan-activity;sid:81118159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gcziw_xc8fgp3vewhafwwttc3aqzqkbb|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255058/; classtype:trojan-activity;sid:81118158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gcwguwansjixd_taslzycu3qjlyrcwhd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255057/; classtype:trojan-activity;sid:81118157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gb29obgw6ntjheyj0cqkg3e8qal3z4r0|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255056/; classtype:trojan-activity;sid:81118156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1g0elsqydc0awv0ambxxibpijwovmkexj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255055/; classtype:trojan-activity;sid:81118155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ft7k85xv6yej_opjpvij5an9quwakzcl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255054/; classtype:trojan-activity;sid:81118154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1fpy80xlwp-eopop8e4-e_mstjeevydgw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255053/; classtype:trojan-activity;sid:81118153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1fkuo0mm517wmipzjoiz-fkkvx24-4dmx|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255052/; classtype:trojan-activity;sid:81118152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1fdklhh_xacn1x-m5yf1myzuqgxpjfqhj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255051/; classtype:trojan-activity;sid:81118151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1fwqt9h80ih9p4xdijaufhidvzx_uwzx7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255050/; classtype:trojan-activity;sid:81118150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ftwopes47gw_khc-xzuyzlxffebms32l|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255049/; classtype:trojan-activity;sid:81118149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1evi4mn8rdjgf9chhshcrps9a2l2zo4p7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255048/; classtype:trojan-activity;sid:81118148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1erczcrivx0qdon00mva6cruueelszu2d|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255047/; classtype:trojan-activity;sid:81118147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1eeeetwehke9w08uwqbqxyuynjl0jrgy7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255046/; classtype:trojan-activity;sid:81118146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ea74n0h6t9eewgkujzo4dy_cyyihd2f-|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255045/; classtype:trojan-activity;sid:81118145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dvkzj-opb7m_ktpklrsqrsqadf17wh1d|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255044/; classtype:trojan-activity;sid:81118144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ds-srdcmeekdochheeorjpifkgxk9zqg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255043/; classtype:trojan-activity;sid:81118143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1drbgbh4d3c4nyfjneld72kjy1zryen4z|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255042/; classtype:trojan-activity;sid:81118142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dczgqn5ldt5_8yudiqjsbctxvqmbe5wf|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255041/; classtype:trojan-activity;sid:81118141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dm9occge3uokuzap4jqnjmhdiucbn5re|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255040/; classtype:trojan-activity;sid:81118140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dlw5odw28z-1axou3dsitpeutaw3xogk|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255039/; classtype:trojan-activity;sid:81118139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1diuznvk-5pfggovpejiwxtwnks7af5gg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255038/; classtype:trojan-activity;sid:81118138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dft1y7__g-pz8sprvbvzfx6gnzo3g3rk|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255037/; classtype:trojan-activity;sid:81118137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1d6sl_tkc3g5hkgg3jkk_8nyanpmewyjo|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255036/; classtype:trojan-activity;sid:81118136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1d2sroili5mo5kza-xsaak9xbmdpvgrv-|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255035/; classtype:trojan-activity;sid:81118135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ce0eby7cbkanplwpnhxpu6ql-coi3rxr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255034/; classtype:trojan-activity;sid:81118134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bhny3qkwab77vtusqchaub1crphk90cv|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255033/; classtype:trojan-activity;sid:81118133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1beq80fhqi6sand_g2efmdqkytoo_youe|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255032/; classtype:trojan-activity;sid:81118132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bwz0n4ft_ech5pb36viq_m7tpges702x|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255031/; classtype:trojan-activity;sid:81118131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bvevsxwoyp2oa4er_9zzyvfwa2qsqbg_|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255030/; classtype:trojan-activity;sid:81118130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bhl81bc0to1cej3hfmahuzyheo01pqod|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255029/; classtype:trojan-activity;sid:81118129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1benyevz-tvv79zd_-fpbcsdzgyubefbd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255028/; classtype:trojan-activity;sid:81118128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bcb5pf079yv8fyyph1va4d2hz8cgfay5|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255027/; classtype:trojan-activity;sid:81118127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1auezaru1aadmuarg0w5u6u1qjkf31djv|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255026/; classtype:trojan-activity;sid:81118126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1autfpalmuuu4rdmuko8uxmuehjjrrawn|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255025/; classtype:trojan-activity;sid:81118125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ao0n0uaahj4f8xdxlnpo97fbcbe9icyg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255024/; classtype:trojan-activity;sid:81118124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1aee14gkpjztt2pf9t5p0d_ikcn3g-msz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255023/; classtype:trojan-activity;sid:81118123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1apgwrnepudcwaa5xx7ss9ps31nmejann|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255022/; classtype:trojan-activity;sid:81118122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1aircuc7ffaffflsjguuuda1w8l51imik|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255021/; classtype:trojan-activity;sid:81118121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1acjzrk-ay9pckdrs9oglwyokwqpdmye4|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255020/; classtype:trojan-activity;sid:81118120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1a40hhq-jggcutxl6yyikyfad1kb68fak|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255019/; classtype:trojan-activity;sid:81118119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1_pfmbbt7ibkp6pe0hfytl9vp1kwkpc8e|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255018/; classtype:trojan-activity;sid:81118118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1_ufnpljxrjfpzx9jcqym0fhc9j2auad6|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255017/; classtype:trojan-activity;sid:81118117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1_no3ukayi3aowypyxgen_4lf9r_qj5v1|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255016/; classtype:trojan-activity;sid:81118116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1_mjtrxn0sndobrz2_jhtitw0udjjh8_x|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255015/; classtype:trojan-activity;sid:81118115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1zt54exugolgih05-zgwvu678xmejv4vg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255014/; classtype:trojan-activity;sid:81118114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1zr1gulp4e1mg_ckvgnbvanqkrqtw-b9u|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255013/; classtype:trojan-activity;sid:81118113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1zo2sv5lrakfspk12aiwneeuc8egxtajb|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255012/; classtype:trojan-activity;sid:81118112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1znckb6win_g_okt09npplgwjd9zheuxy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255011/; classtype:trojan-activity;sid:81118111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1zfqotwhl8efaot9c12m6d202mx9ah7yh|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255010/; classtype:trojan-activity;sid:81118110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1zbc1uc3_e6k2kakngexvda5xbtzw9fqw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255009/; classtype:trojan-activity;sid:81118109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1z8umbu9jddccesr-cwazdrugy8hph6ke|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255008/; classtype:trojan-activity;sid:81118108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1z6q3w14nckihrtfxm-r05bp5dwhozdqb|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255007/; classtype:trojan-activity;sid:81118107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1z4zpyumqxifqr55_prtz8qmzqb1tr9ip|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255006/; classtype:trojan-activity;sid:81118106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1yi9oi4qyn3unl6rsf7ji6-mqa5_z0cwg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255005/; classtype:trojan-activity;sid:81118105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ym1pclf5kcvjlwrnl7kyo1wa106brfuf|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255004/; classtype:trojan-activity;sid:81118104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ycricmfwnatdzewhxawyq4zzcs1vbwzq|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255003/; classtype:trojan-activity;sid:81118103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1y3seorr7bivetfcvjsbmnn988ux_lnjt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255002/; classtype:trojan-activity;sid:81118102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xxxzrmrsuip3okql88imrdli2fquj_h2|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255001/; classtype:trojan-activity;sid:81118101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xvpz_wjvdsxszicfzvog24ibsq5zjflf|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/255000/; classtype:trojan-activity;sid:81118100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xjaa913yu93aboejfdhfqtsbjvqqulhx|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254999/; classtype:trojan-activity;sid:81118099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xajo2gtanqe5w2ps22priaq2t9qbte64|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254998/; classtype:trojan-activity;sid:81118098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xigdwefedn0bhwuud5tvadimmkmwo7hs|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254997/; classtype:trojan-activity;sid:81118097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1xai1i7xbjbi7dxhwojy1xjmxafzssypc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254996/; classtype:trojan-activity;sid:81118096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1x2tgmwijpogtthcbjgxmobhfb4rfl_y7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254995/; classtype:trojan-activity;sid:81118095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1w_zpwarvjfkzrev6zetjjzwsoy_dhav2|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254994/; classtype:trojan-activity;sid:81118094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1w9bk1xv81dh5umwza-n8rococzjsy9n-|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254993/; classtype:trojan-activity;sid:81118093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1w8jivwglgzfxxlmuehp_qvz9gbpz_m8l|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254992/; classtype:trojan-activity;sid:81118092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vvar5iz_qgymqcnbfnpsypi9swfdayvo|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254991/; classtype:trojan-activity;sid:81118091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vgcfjd61rbqtcioc3xiz40k9sl3kgosj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254990/; classtype:trojan-activity;sid:81118090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1vgadl5cs7mko2xeoe2w13nofahgota3a|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254989/; classtype:trojan-activity;sid:81118089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1v9erkcwjqkbgod3w8rbbytiaz25xgbc4|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254988/; classtype:trojan-activity;sid:81118088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ujovaqnzj8uksi_mlcukjcn-cpqngeex|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254987/; classtype:trojan-activity;sid:81118087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1uzttzbavwyd9rpusd3tugwxs5fhrjnnn|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254986/; classtype:trojan-activity;sid:81118086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1uejyjhh0vuhzos4rcqg5ipll9vk9xbrd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254985/; classtype:trojan-activity;sid:81118085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1u5apvpxu8qsmiu9uxhdrvzmhppnfgyeo|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254984/; classtype:trojan-activity;sid:81118084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1twzhityaszxslp6kg_xxlu6cc0zfu9zc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254983/; classtype:trojan-activity;sid:81118083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1tt6yiqq77o0grobg4znyj5sfjgtps7_g|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254982/; classtype:trojan-activity;sid:81118082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1tsmjkoyznxtvc_m8hu4zdg4yvuuvatvp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254981/; classtype:trojan-activity;sid:81118081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1toi3jur7odlxfdbqjqt_i32jvyxrrau0|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254980/; classtype:trojan-activity;sid:81118080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1tcrbzgur_nfgnma0xaey0seqv3jsth7l|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254979/; classtype:trojan-activity;sid:81118079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1tyhuo74pg0v5xi54maagugsoaufua_b2|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254978/; classtype:trojan-activity;sid:81118078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1tpg9ht3ydtytjqktcddacdsw44wdwi9z|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254977/; classtype:trojan-activity;sid:81118077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1t0aq2seuskex8tw_pj6f7xt7lewd57l3|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254976/; classtype:trojan-activity;sid:81118076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1stqzzvudpy3l-a_tuddyy3uw5vxtnr_t|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254975/; classtype:trojan-activity;sid:81118075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1sdisju87t6rdpwblvlm6xg4dfua3i4ir|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254974/; classtype:trojan-activity;sid:81118074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1sav0k_gr63ftqie0nptvqpw9e3ch505g|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254973/; classtype:trojan-activity;sid:81118073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1smniowhhxsq_rs4oy-d_vhkp0pgsqhff|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254972/; classtype:trojan-activity;sid:81118072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1s-sqyqsrcawvgi8qxixn6bfcjz-7t4ti|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254971/; classtype:trojan-activity;sid:81118071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rxagtl0cz5x2qa6yrofb3zv63c-9d8zd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254970/; classtype:trojan-activity;sid:81118070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1rciv4b7-qzcpnpx1m9hrndref_znxp5w|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254969/; classtype:trojan-activity;sid:81118069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1raiakgbrjqbnprbyuq-mdebnouoqmzuy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254968/; classtype:trojan-activity;sid:81118068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1qwv-by4-mayatvz78mbkjwimf9sil07d|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254967/; classtype:trojan-activity;sid:81118067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1qwysur_0g9wyctsplr0fuyuuh6ovmyzs|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254966/; classtype:trojan-activity;sid:81118066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1qw0nlb2cgp89kwpys06hjlrne_0o9cyb|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254965/; classtype:trojan-activity;sid:81118065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1qshokcssqai1gt7lzphh5uc92-hvdnmy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254964/; classtype:trojan-activity;sid:81118064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1qaskmu_qcfshcgwp9uvywxhq_mt-dixs|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254963/; classtype:trojan-activity;sid:81118063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1qu5stc3ktge0hqp-bwswmksbui_klwt1|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254962/; classtype:trojan-activity;sid:81118062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1q91mwwecal6s4s09kc4cwspuyvi-4gko|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254961/; classtype:trojan-activity;sid:81118061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1q2ysax_8fnpatjpzxvsy3szjyulruwwk|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254960/; classtype:trojan-activity;sid:81118060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1pmsyjsgdbxgqvtmmjjfn3xyzawosauny|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254959/; classtype:trojan-activity;sid:81118059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1pibjaumw4ytohycy1arg-ud80knq33bg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254958/; classtype:trojan-activity;sid:81118058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1pp0dqxvr2t6xalmpr3epgvocxci38vkl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254957/; classtype:trojan-activity;sid:81118057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1onmsa6ihns4jxdi_rgzo2kkrf4e5x3ec|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254956/; classtype:trojan-activity;sid:81118056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1okqgvuqejdfu99ie56huazefks2bnqb9|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254955/; classtype:trojan-activity;sid:81118055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1oilq_75vmq3wx4heh-4cs8fqlvdezecp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254954/; classtype:trojan-activity;sid:81118054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ohhyivfs6rsl-tfnj-hbeyw-awutt3ha|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254953/; classtype:trojan-activity;sid:81118053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1oem1qplzql--kijv0ocqbpwcr82ejf3y|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254952/; classtype:trojan-activity;sid:81118052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1nvnjw9k4fankv5jvrqfceccypzbcj3t3|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254951/; classtype:trojan-activity;sid:81118051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1npyljhq-bt9q_mwqur-styo9kbiqanqv|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254950/; classtype:trojan-activity;sid:81118050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1nk9-mixdeggqs_nllnnbebjforiel58a|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254949/; classtype:trojan-activity;sid:81118049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ni-uljue5idocldxyo9jwxphob2q3qjs|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254948/; classtype:trojan-activity;sid:81118048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1n1ic7qls0xaliudadp7fosn4psqmziay|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254947/; classtype:trojan-activity;sid:81118047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mbkixvjtqzaanuynsyuk5vpavsnayte_|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254946/; classtype:trojan-activity;sid:81118046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mundwa8g-b0-3sfj2szuku7imni42rd_|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254945/; classtype:trojan-activity;sid:81118045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mujmfdvfu9moo_bhbemflgqaocs7-eho|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254944/; classtype:trojan-activity;sid:81118044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1mbrkcixud942amyn4pe-hecu6svcdadc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254943/; classtype:trojan-activity;sid:81118043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1m9gunu4yrxy5xe5rp_vfcldli6fd2zma|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254942/; classtype:trojan-activity;sid:81118042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1lte6iqi5bj8kofgnvz4htk57cxm_cxp3|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254941/; classtype:trojan-activity;sid:81118041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1lhrwvlghhlqllfjycsnglwk6iroen3xs|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254940/; classtype:trojan-activity;sid:81118040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1lh7vjyjwy78eb2eoknqorjayzadvzph7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254939/; classtype:trojan-activity;sid:81118039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ljjhx39eeqnruu78j0g1n9lsinelysl4|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254938/; classtype:trojan-activity;sid:81118038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1lhymphdyihi1ac2g48k-5uou3sek93nu|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254937/; classtype:trojan-activity;sid:81118037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kxsyfl_nr-akbhte1i51jxnk6o4qbrb_|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254936/; classtype:trojan-activity;sid:81118036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kblkpgou3jsheo_ru-3lwlj9kqhzikbl|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254935/; classtype:trojan-activity;sid:81118035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ka57enfmp6_5apacu72v1izhjefuut2r|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254934/; classtype:trojan-activity;sid:81118034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1krk2blkzobvpu3btw4r1vthlhpog74iq|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254933/; classtype:trojan-activity;sid:81118033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kldidb8n-5d586g-yvwiweijbqxvz2uo|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254932/; classtype:trojan-activity;sid:81118032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kkkm9ffq0ds1vrquromkbhbhjfu7qzn7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254931/; classtype:trojan-activity;sid:81118031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1kkph65-woznyedmspj2_hydt_yo8fgsm|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254930/; classtype:trojan-activity;sid:81118030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1k4qi9qhcujnaczqmt_cc1c74iqs4yigy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254929/; classtype:trojan-activity;sid:81118029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1jw1sad9nyncz4fga50dwbjen4ns6rowx|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254928/; classtype:trojan-activity;sid:81118028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1jfifrvlcjhboizkhkretjx1kdp00gu8w|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254927/; classtype:trojan-activity;sid:81118027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1jwo5vfxxzmb28puqz4_9e3_2ititlou8|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254926/; classtype:trojan-activity;sid:81118026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1jftnnuw8crhreot5ztnbvgizyywsqyx5|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254925/; classtype:trojan-activity;sid:81118025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1j9bll2cnkpjtxyr18iytuyooujd0zrl7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254924/; classtype:trojan-activity;sid:81118024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1j1wkua1yafxsw9m2cf8b4uwjichypl56|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254923/; classtype:trojan-activity;sid:81118023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1igrsumhhj4qyvd0upckxmuvi7wxjp3vz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254922/; classtype:trojan-activity;sid:81118022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1isvv9ukuq1sz4cfxxy5kda9-iuvesdho|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254921/; classtype:trojan-activity;sid:81118021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1iox-ntjdufrpwdxtbsbgheih-wddxomc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254920/; classtype:trojan-activity;sid:81118020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1imrw5crdsvkbaofuy9j8dcnvyklouoha|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254919/; classtype:trojan-activity;sid:81118019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ijxeqvhc04o--3m6marbnucavzze0r6-|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254918/; classtype:trojan-activity;sid:81118018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1i3kvyam7inathahuwznaq-r1alsfffu3|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254917/; classtype:trojan-activity;sid:81118017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hvqpurmlmjyyextcmt6cl-4flrxzyfdg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254916/; classtype:trojan-activity;sid:81118016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hlkto6ct9hkeqhginn_upoqnhjxmkt47|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254915/; classtype:trojan-activity;sid:81118015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hl8oyeq7otn2inwlomrmgkvqgdzd20p3|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254914/; classtype:trojan-activity;sid:81118014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1hv3lo0lb_flvn30j_uqrdm0cv1tmkzpo|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254913/; classtype:trojan-activity;sid:81118013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1h82sdzczkt4vjb4c0dyrv0qso823oozv|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254912/; classtype:trojan-activity;sid:81118012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1h7610rvecs-pvsgjwu3eknv_qm2edg4t|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254911/; classtype:trojan-activity;sid:81118011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1h67zopqowye-alqn4cqnocetpy_gief7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254910/; classtype:trojan-activity;sid:81118010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1h3yloumwhogy3dkdwo4r7ftu0wuduxwc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254909/; classtype:trojan-activity;sid:81118009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gmluw6fgbafjpbvwb9khf9rsng_zwf-s|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254908/; classtype:trojan-activity;sid:81118008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gkdgetwewngsaoxfnwr2fg5yjpj8t4pp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254907/; classtype:trojan-activity;sid:81118007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gjb4nu1cxa_iynxz5ukrijfjdod_ognm|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254906/; classtype:trojan-activity;sid:81118006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gj-zdd6rv5cbqvn2dsfjkx34bvsaly_1|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254905/; classtype:trojan-activity;sid:81118005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gfp8sgepnfnxe7qtcgorvumwckjormwa|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254904/; classtype:trojan-activity;sid:81118004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1gbjpa6ldnvsmf5d-t4qca1xqtl-szbzq|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254903/; classtype:trojan-activity;sid:81118003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ghpfascpcezxyeb0lkgiovryrtdvha9m|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254902/; classtype:trojan-activity;sid:81118002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ggpmn1psnzauw1l6bebutmqd-x51woah|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254901/; classtype:trojan-activity;sid:81118001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1g40hidfly9yzouolzu0enxqb9uvf4k_f|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254900/; classtype:trojan-activity;sid:81118000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1fu06p4cfhtvjspcn_9paqlkqzg1x4bzy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254899/; classtype:trojan-activity;sid:81117999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ft3f8gxej1pg_gcpj9ekievdvryeqfgt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254898/; classtype:trojan-activity;sid:81117998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1frd1jwsckp9ehck2gbzeq1gukvwv1vil|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254897/; classtype:trojan-activity;sid:81117997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1fi7rddwvbkjnrqucbbeb0ghxm6ddympx|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254896/; classtype:trojan-activity;sid:81117996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1fyqjchhiaqqpamuqm_yj7dh0xq0npfkr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254895/; classtype:trojan-activity;sid:81117995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1fkb0bfu7kxbqo9tdxovd2lekyeemon7o|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254894/; classtype:trojan-activity;sid:81117994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1f3kkuzmfssu02_ijsfccbrahvl8f0asy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254893/; classtype:trojan-activity;sid:81117993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ezrh65huxqi6ln0p_hqnung50eo0slkn|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254892/; classtype:trojan-activity;sid:81117992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1evp2elc-sjhvaiw1h1kyryxin37mbyo1|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254891/; classtype:trojan-activity;sid:81117991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ecbnezvditzj-c1f46h47w9iai2g9lct|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254890/; classtype:trojan-activity;sid:81117990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1evdmfwpjcvbj-ttm6r9ai3pg5lel6xsu|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254889/; classtype:trojan-activity;sid:81117989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ejduerr7cgkjlvvrt6bruoaqj6ens9ln|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254888/; classtype:trojan-activity;sid:81117988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1egtpflw4183qfpz1ax5abd_cuosxeidg|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254887/; classtype:trojan-activity;sid:81117987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1e3v2hua8f0ytb16qbdqq794fsryejlmy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254886/; classtype:trojan-activity;sid:81117986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dub4ko97hju5b2kx6tr0l7duw-vr1iy1|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254885/; classtype:trojan-activity;sid:81117985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dd8u5log1znbwyx0a9nnkcaclhnyshcm|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254884/; classtype:trojan-activity;sid:81117984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1daqbvicnn31lpwrpubmtny55ggn6wnx8|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254883/; classtype:trojan-activity;sid:81117983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dvs_paappvaxqak5n9pxgxy4z1pyhoii|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254882/; classtype:trojan-activity;sid:81117982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dv7g_8aikktizqiwsn2vkwvea-ureo3-|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254881/; classtype:trojan-activity;sid:81117981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dsqelpydksmw3vq9_mrls360676zydsr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254880/; classtype:trojan-activity;sid:81117980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1dl32jne35jg7unaz-1hwnei-gcejtk7k|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254879/; classtype:trojan-activity;sid:81117979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1d5ei5hzv4zy_v12al8iswjcfohk2yuun|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254878/; classtype:trojan-activity;sid:81117978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1d19ar7sy_f7yyuj_yzjwr-jrb3p6nn_8|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254877/; classtype:trojan-activity;sid:81117977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1cw8errazdrzppadpfcfgp-enxq_n5m0f|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254876/; classtype:trojan-activity;sid:81117976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1csxq9ock5cfvsgxpz2bptylq8enhntkx|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254875/; classtype:trojan-activity;sid:81117975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1cysz22surrqqhyurp8ns-pna5ia6gede|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254874/; classtype:trojan-activity;sid:81117974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ctil1qh42-emsc_b8r_3-8kqk1wdcdzj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254873/; classtype:trojan-activity;sid:81117973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1buh9riiih0cvhnsusdxoucaeyu6tvksu|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254872/; classtype:trojan-activity;sid:81117972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bnregm3nqypgtnhvzt0yghmenjgkx_fh|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254871/; classtype:trojan-activity;sid:81117971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1basxc6ajbsirew6d3shibmybnphxzqvr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254870/; classtype:trojan-activity;sid:81117970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1b4eku1ejgkitepjhdejhwqio20vqdkjr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254869/; classtype:trojan-activity;sid:81117969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1awklqm0mbkk5ameiyryv9sy6rnv3tcgk|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254868/; classtype:trojan-activity;sid:81117968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1awwavngucsfmzgeqlsby-jj-_ip0vefw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254867/; classtype:trojan-activity;sid:81117967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1atac4nqv5j-as9zjn2rgtufoawfaxubv|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254866/; classtype:trojan-activity;sid:81117966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1aptwhensqgdsxu7qorheuluqg-uaj8ao|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254865/; classtype:trojan-activity;sid:81117965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1agr8lvkb4yuqlt8rmwaqxj3yrvc3hnk0|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254864/; classtype:trojan-activity;sid:81117964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1bmnlbhankewlfqu3_feig99db_-8bc7p|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254863/; classtype:trojan-activity;sid:81117963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1a8j5xjt1fx6v1qqnf1uhh_pad50u1sgn|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254862/; classtype:trojan-activity;sid:81117962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1a0_mqhnl60dycg6-hkpyfexylcz7x2k7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254861/; classtype:trojan-activity;sid:81117961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=19rbjcvxgcm8y8nu4l2gh7mqiabyov0rx|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254860/; classtype:trojan-activity;sid:81117960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=19li8exk3esff9hg6txd_nbndm06pd9qx|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254859/; classtype:trojan-activity;sid:81117959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=19izvjngb3gp5fz9r9dzwgyxymolrwrmi|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254858/; classtype:trojan-activity;sid:81117958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=19hldjvzbpgoqdcsfd0pgni03dz-zzm5a|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254857/; classtype:trojan-activity;sid:81117957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=19h28xfmxj-jzcsf4bswyqe7h-_1aifvo|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254856/; classtype:trojan-activity;sid:81117956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=19gwtfmuu9fe0uqwdpwi3zfkk-bqvr3-w|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254855/; classtype:trojan-activity;sid:81117955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=19dpk9dwb52ccv0jzpz8uamf3ng6oprtp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254854/; classtype:trojan-activity;sid:81117954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=19f0jiapfwzkxs0wdm4leqajbiqaydzhi|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254853/; classtype:trojan-activity;sid:81117953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=19corja_k-6kabxdly9ccffmdy0eodt_l|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254852/; classtype:trojan-activity;sid:81117952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=196d-fqmpfvphtlzfb0txyuaengwxrflj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254851/; classtype:trojan-activity;sid:81117951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=18zaspx8c-rub5jl-zdo8ruzeborac3ir|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254850/; classtype:trojan-activity;sid:81117950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=18qnoydue5kiyvoah5pf7jpdgi1r_cmix|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254849/; classtype:trojan-activity;sid:81117949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=18k7y4eobdkyxmwaytkocuwix4yas16en|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254848/; classtype:trojan-activity;sid:81117948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=18sc_2zl8dhyy6hzjpgx6gct-hn7qfq35|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254847/; classtype:trojan-activity;sid:81117947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=18hrrgl7n34osjjkyelnpuipjtz6aga9q|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254846/; classtype:trojan-activity;sid:81117946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=180fnjdrman41hsro5_pq0-jcuxtgmt6j|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254845/; classtype:trojan-activity;sid:81117945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=17ynuqfbgcl5kq2oae3hz9o6-goilentz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254844/; classtype:trojan-activity;sid:81117944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=17kjiflnvlyobgwxd2lmjvpiwmrwk99ok|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254843/; classtype:trojan-activity;sid:81117943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=17xzkqph0ca28ezwaxkmhnqiuc_cltatd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254842/; classtype:trojan-activity;sid:81117942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=17vjc3smujjg_ah_icfpvwf1kphsuocqn|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254841/; classtype:trojan-activity;sid:81117941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=17s5oghjjbqykr5nuggrrw7hmqvnlwu6e|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254840/; classtype:trojan-activity;sid:81117940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=17plym1bvacxx5o9bfsuk7ap5tq9-jago|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254839/; classtype:trojan-activity;sid:81117939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=17gsqll2urpmlpadhgb7qk_spgpwamd6r|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254838/; classtype:trojan-activity;sid:81117938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=17f91mdbsamx8jsvjo1bhmdh8_bgxpn2y|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254837/; classtype:trojan-activity;sid:81117937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1743ngig9osgimhw5qsseltprj4iwt26n|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254836/; classtype:trojan-activity;sid:81117936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=171ivphig-lu2x7dnvx-qjufbqgavxazv|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254835/; classtype:trojan-activity;sid:81117935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=16woi6dfqxsyy2i0gdtxl92fbx4tw5xmf|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254834/; classtype:trojan-activity;sid:81117934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=16siulvqy-bkq9opz2h-g2_uv6bgcfcvm|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254833/; classtype:trojan-activity;sid:81117933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=16n2nhs2l3uxzojuhijavensdjj_l9r4q|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254832/; classtype:trojan-activity;sid:81117932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=16ip5sv3tvdvjxqp90ioopakx1ihisvfi|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254831/; classtype:trojan-activity;sid:81117931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=16o6uxoldstaydikh6fjw6kmm5pixgykw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254830/; classtype:trojan-activity;sid:81117930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=16jsvul8mkx5s5_loutqmck9mk2wl4ui7|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254829/; classtype:trojan-activity;sid:81117929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=15bjrdmplmflktwy5cp9l50fxhqoevvnw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254828/; classtype:trojan-activity;sid:81117928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=15qm_g5hbbmdgynrxpsfiw4rn7ak72ttr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254827/; classtype:trojan-activity;sid:81117927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=15phfby4fexxnnimuy9vlz_xvwgd1rpss|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254826/; classtype:trojan-activity;sid:81117926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=15jalfljwphh99omfczbi5w3c7mcyy0cc|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254825/; classtype:trojan-activity;sid:81117925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1531jkhnxvn1phy0ctmq6srjlr02io3tx|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254824/; classtype:trojan-activity;sid:81117924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14rjpywa_janykd1qxsi5zvsjdy1bkfia|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254823/; classtype:trojan-activity;sid:81117923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14odweiglii8pzcdd-wpu2wws-a0hkeiz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254822/; classtype:trojan-activity;sid:81117922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14mofesolnllaydzhysl52ieyr4tp9izw|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254821/; classtype:trojan-activity;sid:81117921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14mlawxg7dz6e7-xsegysuemfssqnpi-u|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254820/; classtype:trojan-activity;sid:81117920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14kqqqnnwktgslkjp3n88mtmozaeekirt|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254819/; classtype:trojan-activity;sid:81117919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14ipfsmb4vai6c3cntud-ddzwm9cklnya|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254818/; classtype:trojan-activity;sid:81117918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14cznqiaytxrl8bw36x2ud3gwrzwpiu8w|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254817/; classtype:trojan-activity;sid:81117917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14ywomex6jcxh1f3r9whznyvvzfosyv4x|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254816/; classtype:trojan-activity;sid:81117916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14fnzacbtle3xduweb2t0_qrt1zj3bors|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254815/; classtype:trojan-activity;sid:81117915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=14fz99vqyhdpzet6m25ddtxcj9vhtuafi|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254814/; classtype:trojan-activity;sid:81117914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1499mil5uz9gz1ahuu594xdcprk30okz2|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254813/; classtype:trojan-activity;sid:81117913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=13lxgp9vwudvg1zqipuwbo8urh3pdvy26|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254812/; classtype:trojan-activity;sid:81117912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=13eyoebbzcav0qtmpcbboteoh4p6duw2w|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254811/; classtype:trojan-activity;sid:81117911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=13y9cy9obmhn3jtebphfhspkmxlfiv5n6|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254810/; classtype:trojan-activity;sid:81117910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=13vi6piwqpcg6wyolbg71b00nieorqspd|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254809/; classtype:trojan-activity;sid:81117909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=13kiok699ihbxcoh7fpmsppqyld9glvvs|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254808/; classtype:trojan-activity;sid:81117908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=13d36bsbrtmop-nxcct7_0ywvtvmdamc-|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254807/; classtype:trojan-activity;sid:81117907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1304fsnjpnyd0twknyxnw7ljludk3-ovr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254806/; classtype:trojan-activity;sid:81117906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=12lceo5fp_ctjqcvd22gnosr6uhwsmdgq|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254805/; classtype:trojan-activity;sid:81117905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=12gza4hqdcqkymwulel1qc_a65t958cj0|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254804/; classtype:trojan-activity;sid:81117904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=12wj3c5qllkmwrqtsncdullj3uyi8ukxs|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254803/; classtype:trojan-activity;sid:81117903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=12tfbjhaxj6vnluat6ybdduhkvnewak5e|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254802/; classtype:trojan-activity;sid:81117902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=12pqxb_pqeutgdredziy0srhq8l7yb6eh|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254801/; classtype:trojan-activity;sid:81117901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=12nvt3zxkbmkqp4j6osegjkohdqldidxa|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254800/; classtype:trojan-activity;sid:81117900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=12n0ce-qlnjruomppqs7eknfrcsvl2hfb|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254799/; classtype:trojan-activity;sid:81117899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=11vxwfnln_x6ib1sioyqhdstbvyq1hpyn|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254798/; classtype:trojan-activity;sid:81117898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=11o56hs4nyzmkqbyhvegxosofdpss3rlu|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254797/; classtype:trojan-activity;sid:81117897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=11ihqttzu6do3a-bh47vsehbwx6vyq9bj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254796/; classtype:trojan-activity;sid:81117896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=11oiqi995a6f3qsapkxig4qdqtvbpc01p|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254795/; classtype:trojan-activity;sid:81117895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=11l9l22rlsdsjscfz2dzyg4git-corusj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254794/; classtype:trojan-activity;sid:81117894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=11kizkmgjiptu4akpbarnli7egeiwp57c|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254793/; classtype:trojan-activity;sid:81117893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=11hb-ho7u0wgaikxm2mu-oyg2g-g-rbz3|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254792/; classtype:trojan-activity;sid:81117892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=11e0joj6r_ufooy650jpspfpuipdnb3rk|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254791/; classtype:trojan-activity;sid:81117891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=11bhu1dfkzhj6lp4n3e_rkzehhgcyqypj|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254790/; classtype:trojan-activity;sid:81117890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=117yjck9iyyyc83lkz8senna50yihbzg2|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254789/; classtype:trojan-activity;sid:81117889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=10m9g8hzz8z6w_ohuciuzlzhrdinbbbpa|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254788/; classtype:trojan-activity;sid:81117888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=10gnfitcfosgmgglk7srwzm0tj1mxosfi|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254787/; classtype:trojan-activity;sid:81117887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=10dcnttebfifkkyixlas2gzxgg_vvy55k|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254786/; classtype:trojan-activity;sid:81117886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=10mf5cb-jlvxcy1u6je7lzkv68eofwnvz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254785/; classtype:trojan-activity;sid:81117885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=10mpwtplkl1oivutsoktwakymlrn_yjdb|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254784/; classtype:trojan-activity;sid:81117884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-xfviero6ucfcohwgswu5guh285k1br3|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254783/; classtype:trojan-activity;sid:81117883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-itd8kxuyqynrydi-27n2kbg4_qrvnhm|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254782/; classtype:trojan-activity;sid:81117882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-gsdbjzuhnxzbp8-9t7couw01xewxvj-|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254781/; classtype:trojan-activity;sid:81117881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-couftwupag9ldxu1cofxod_r3uouuis|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254780/; classtype:trojan-activity;sid:81117880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-xqwez44wd2zgioqo6jqbjqqrwqymjku|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254779/; classtype:trojan-activity;sid:81117879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-rggtv0ehyw4wembmrc5fkq9cwta7gzp|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254778/; classtype:trojan-activity;sid:81117878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-or1xhkagysmatem9l-gptizuygbjkcy|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254777/; classtype:trojan-activity;sid:81117877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-fmncvv2q1zf8hi2romlptlgvqn2ejme|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254776/; classtype:trojan-activity;sid:81117876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-ci74iaascc-5y4kejm9qoesxjs_9fyr|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254775/; classtype:trojan-activity;sid:81117875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-8_9p9c7cie7umsdadwjh7vevaywua33|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254774/; classtype:trojan-activity;sid:81117874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-66hmyshcvy8ohsja4ifi8w7x3megcm3|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254773/; classtype:trojan-activity;sid:81117873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1-2slhu_d5oqmvsy2b9vrb71sgo7ou6qz|26|export=download"; http_uri; depth:58; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254772/; classtype:trojan-activity;sid:81117872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3306"; http_uri; depth:5; isdataat:!1,relative; content:"172.81.99.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254771/; classtype:trojan-activity;sid:81117871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dw/scan07012019.exe"; http_uri; depth:20; isdataat:!1,relative; content:"mijasgolfbreak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254769/; classtype:trojan-activity;sid:81117869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/new/wp-content/themes/ord/order%20contract.exe"; http_uri; depth:47; isdataat:!1,relative; content:"pmmovies.it"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254767/; classtype:trojan-activity;sid:81117867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ctxqjwxh"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254766/; classtype:trojan-activity;sid:81117866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/4e631-3ux5ba9vq-05/"; http_uri; depth:31; isdataat:!1,relative; content:"ngaustore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254765/; classtype:trojan-activity;sid:81117865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/qegmhxhhw/"; http_uri; depth:20; isdataat:!1,relative; content:"sbhosale.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254764/; classtype:trojan-activity;sid:81117864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/icrpzsnv/"; http_uri; depth:20; isdataat:!1,relative; content:"financialbank.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254763/; classtype:trojan-activity;sid:81117863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/jovmcszyr/"; http_uri; depth:30; isdataat:!1,relative; content:"devitech.com.co"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254762/; classtype:trojan-activity;sid:81117862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/zjqxio23oj-xpci-82/"; http_uri; depth:29; isdataat:!1,relative; content:"www.dijitalbirikim.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254761/; classtype:trojan-activity;sid:81117861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxi20xpqs.x86"; http_uri; depth:14; isdataat:!1,relative; content:"107.189.10.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254760/; classtype:trojan-activity;sid:81117860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxi20xpqs.sparc"; http_uri; depth:16; isdataat:!1,relative; content:"107.189.10.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254759/; classtype:trojan-activity;sid:81117859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxi20xpqs.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"107.189.10.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254758/; classtype:trojan-activity;sid:81117858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxi20xpqs.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"107.189.10.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254757/; classtype:trojan-activity;sid:81117857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxi20xpqs.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"107.189.10.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254756/; classtype:trojan-activity;sid:81117856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxi20xpqs.mips"; http_uri; depth:15; isdataat:!1,relative; content:"107.189.10.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254755/; classtype:trojan-activity;sid:81117855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxi20xpqs.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"107.189.10.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254754/; classtype:trojan-activity;sid:81117854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxi20xpqs.i686"; http_uri; depth:15; isdataat:!1,relative; content:"107.189.10.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254753/; classtype:trojan-activity;sid:81117853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/2605118.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254752/; classtype:trojan-activity;sid:81117852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxi20xpqs.i586"; http_uri; depth:15; isdataat:!1,relative; content:"107.189.10.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254751/; classtype:trojan-activity;sid:81117851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxi20xpqs.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"107.189.10.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254750/; classtype:trojan-activity;sid:81117850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxi20xpqs.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"107.189.10.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254749/; classtype:trojan-activity;sid:81117849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxi20xpqs.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"107.189.10.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254748/; classtype:trojan-activity;sid:81117848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxi20xpqs.arm4"; http_uri; depth:15; isdataat:!1,relative; content:"107.189.10.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254747/; classtype:trojan-activity;sid:81117847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fuze.sh"; http_uri; depth:8; isdataat:!1,relative; content:"107.189.10.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254746/; classtype:trojan-activity;sid:81117846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"104.33.13.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254745/; classtype:trojan-activity;sid:81117845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/static/4005/ddgs.i686"; http_uri; depth:22; isdataat:!1,relative; content:"157.230.48.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254744/; classtype:trojan-activity;sid:81117844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/static/4005/ddgs.x86_64"; http_uri; depth:24; isdataat:!1,relative; content:"157.230.48.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254743/; classtype:trojan-activity;sid:81117843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/b/arm7"; http_uri; depth:7; isdataat:!1,relative; content:"188.209.49.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254742/; classtype:trojan-activity;sid:81117842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i.sh"; http_uri; depth:5; isdataat:!1,relative; content:"157.230.48.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254741/; classtype:trojan-activity;sid:81117841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/56861392/67262078-0aa0cd80-f4d6-11e9-8639-63829755ed31.jpg"; http_uri; depth:59; isdataat:!1,relative; content:"user-images.githubusercontent.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254740/; classtype:trojan-activity;sid:81117840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/56861392/67261951-83ebf080-f4d5-11e9-9807-d0919c3b4b74.jpg"; http_uri; depth:59; isdataat:!1,relative; content:"user-images.githubusercontent.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254739/; classtype:trojan-activity;sid:81117839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cvd/dist/fileupload/1571723382710/9.915787746614242.jpg"; http_uri; depth:56; isdataat:!1,relative; content:"cdn.xiaoduoai.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254738/; classtype:trojan-activity;sid:81117838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cvd/dist/fileupload/1571723350789/0.25579108623802416.jpg"; http_uri; depth:58; isdataat:!1,relative; content:"cdn.xiaoduoai.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254737/; classtype:trojan-activity;sid:81117837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chatres/89/msg/20191022/2be662ee79084035914e9d6a6d6be10d.png"; http_uri; depth:61; isdataat:!1,relative; content:"img.sobot.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254736/; classtype:trojan-activity;sid:81117836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chatres/89/msg/20191022/78e3582c42824f17aba17feefb87ea5f.png"; http_uri; depth:61; isdataat:!1,relative; content:"img.sobot.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254735/; classtype:trojan-activity;sid:81117835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rrr_outpute8ee74f.exe"; http_uri; depth:22; isdataat:!1,relative; content:"ghkjzxf.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254734/; classtype:trojan-activity;sid:81117834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rsjkfhcxk.exe"; http_uri; depth:14; isdataat:!1,relative; content:"ghkjzxf.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254733/; classtype:trojan-activity;sid:81117833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rvcbbcvsd.exe"; http_uri; depth:14; isdataat:!1,relative; content:"ghkjzxf.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254732/; classtype:trojan-activity;sid:81117832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"23.254.231.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254731/; classtype:trojan-activity;sid:81117831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"23.254.231.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254730/; classtype:trojan-activity;sid:81117830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"23.254.231.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254729/; classtype:trojan-activity;sid:81117829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"23.254.231.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254728/; classtype:trojan-activity;sid:81117828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"23.254.231.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254727/; classtype:trojan-activity;sid:81117827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; content:"23.254.231.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254726/; classtype:trojan-activity;sid:81117826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"23.254.231.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254725/; classtype:trojan-activity;sid:81117825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"23.254.231.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254724/; classtype:trojan-activity;sid:81117824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; content:"23.254.231.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254723/; classtype:trojan-activity;sid:81117823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; content:"23.254.231.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254722/; classtype:trojan-activity;sid:81117822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"23.254.231.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254721/; classtype:trojan-activity;sid:81117821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/cic.exe"; http_uri; depth:12; isdataat:!1,relative; content:"dark-saiki-3105.egoism.jp"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254720/; classtype:trojan-activity;sid:81117820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/new/wp-content/dhl-shipment-delivery.exe"; http_uri; depth:41; isdataat:!1,relative; content:"pmmovies.it"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254719/; classtype:trojan-activity;sid:81117819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/putty.jpg"; http_uri; depth:12; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254718/; classtype:trojan-activity;sid:81117818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/nn-1.jpg"; http_uri; depth:11; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254717/; classtype:trojan-activity;sid:81117817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/nn-1.hta"; http_uri; depth:11; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254716/; classtype:trojan-activity;sid:81117816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/nn-1.exe"; http_uri; depth:11; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254715/; classtype:trojan-activity;sid:81117815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/bb15.jpg"; http_uri; depth:11; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254714/; classtype:trojan-activity;sid:81117814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/6051777.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254713/; classtype:trojan-activity;sid:81117813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/5677103.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254712/; classtype:trojan-activity;sid:81117812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/5601988.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254711/; classtype:trojan-activity;sid:81117811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/2605912.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254710/; classtype:trojan-activity;sid:81117810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/2306119.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254709/; classtype:trojan-activity;sid:81117809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/1506152.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254708/; classtype:trojan-activity;sid:81117808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/1489010.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254707/; classtype:trojan-activity;sid:81117807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/1489010.hta"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254706/; classtype:trojan-activity;sid:81117806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/1489010.exe"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254705/; classtype:trojan-activity;sid:81117805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/1223320.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254704/; classtype:trojan-activity;sid:81117804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/1065908.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254703/; classtype:trojan-activity;sid:81117803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/894000.jpg"; http_uri; depth:13; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254702/; classtype:trojan-activity;sid:81117802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/330693.jpg"; http_uri; depth:13; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254701/; classtype:trojan-activity;sid:81117801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/111056.jpg"; http_uri; depth:13; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254700/; classtype:trojan-activity;sid:81117800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/110359.jpg"; http_uri; depth:13; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254699/; classtype:trojan-activity;sid:81117799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/25960.jpg"; http_uri; depth:12; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254698/; classtype:trojan-activity;sid:81117798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/0pg4baibkftayee.jpg"; http_uri; depth:22; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254696/; classtype:trojan-activity;sid:81117796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/25600103.jpg"; http_uri; depth:15; isdataat:!1,relative; content:"13.54.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254695/; classtype:trojan-activity;sid:81117795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eupanda.exe"; http_uri; depth:12; isdataat:!1,relative; content:"updateinfo3.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254694/; classtype:trojan-activity;sid:81117794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/us/1.exe"; http_uri; depth:14; isdataat:!1,relative; content:"updateinfo4.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254693/; classtype:trojan-activity;sid:81117793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/eu/2.exe"; http_uri; depth:14; isdataat:!1,relative; content:"updateinfo4.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254692/; classtype:trojan-activity;sid:81117792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/us/2.exe"; http_uri; depth:14; isdataat:!1,relative; content:"updateinfo4.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254691/; classtype:trojan-activity;sid:81117791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fbot.x86_64"; http_uri; depth:12; isdataat:!1,relative; content:"5.206.227.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254690/; classtype:trojan-activity;sid:81117790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/638884751054340122/645888146784911370/rfq.gz"; http_uri; depth:57; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254689/; classtype:trojan-activity;sid:81117789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aas/bbsd.exe"; http_uri; depth:13; isdataat:!1,relative; content:"45.142.213.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254688/; classtype:trojan-activity;sid:81117788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lamilo.exe"; http_uri; depth:11; isdataat:!1,relative; content:"efore.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254687/; classtype:trojan-activity;sid:81117787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/xegp/"; http_uri; depth:15; isdataat:!1,relative; content:"tapucreative.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254686/; classtype:trojan-activity;sid:81117786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/vly/"; http_uri; depth:16; isdataat:!1,relative; content:"jasamebel.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254685/; classtype:trojan-activity;sid:81117785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/lvq/"; http_uri; depth:14; isdataat:!1,relative; content:"youthtransformers.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254684/; classtype:trojan-activity;sid:81117784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/gwzbk/"; http_uri; depth:18; isdataat:!1,relative; content:"caspertour.asc-florida.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254683/; classtype:trojan-activity;sid:81117783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/goi7o8/"; http_uri; depth:17; isdataat:!1,relative; content:"rout66motors.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254682/; classtype:trojan-activity;sid:81117782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/new/wp-content/themes/order1.exe"; http_uri; depth:33; isdataat:!1,relative; content:"pmmovies.it"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254681/; classtype:trojan-activity;sid:81117781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ss.php"; http_uri; depth:7; isdataat:!1,relative; content:"reloffersstart.co"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254680/; classtype:trojan-activity;sid:81117780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/law/ramcrypt.exe"; http_uri; depth:17; isdataat:!1,relative; content:"realgauthier.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254679/; classtype:trojan-activity;sid:81117779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/asn6lxylcvkk-zrrmvsxjc8maldjrrwhvefpjkemmicd-3wk4ynkoactx9zkd7czt6rllpwujp-02wuunfqtxctfbd3xiqfnrhkmf85j8doi80qdnotnkxbtq9md_akb9x4/filedl=1"; http_uri; depth:150; isdataat:!1,relative; content:"ucb33db8861d8bf005d178f71e1b.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254678/; classtype:trojan-activity;sid:81117778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"122.116.97.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254677/; classtype:trojan-activity;sid:81117777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/br/ijsk.exe"; http_uri; depth:12; isdataat:!1,relative; content:"indoroyalseafood.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254676/; classtype:trojan-activity;sid:81117776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/plain/sf4rbx"; http_uri; depth:13; isdataat:!1,relative; content:"ideone.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254675/; classtype:trojan-activity;sid:81117775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wtf3/raw"; http_uri; depth:9; isdataat:!1,relative; content:"rentry.co"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254674/; classtype:trojan-activity;sid:81117774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/6k5/"; http_uri; depth:13; isdataat:!1,relative; content:"learnbester.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254673/; classtype:trojan-activity;sid:81117773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chakamobile/75lnr515/"; http_uri; depth:22; isdataat:!1,relative; content:"www.chakamobile.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254672/; classtype:trojan-activity;sid:81117772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/au10/769758/"; http_uri; depth:13; isdataat:!1,relative; content:"ruanyun123.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254671/; classtype:trojan-activity;sid:81117771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mo8igygw3uv/t4z68181/"; http_uri; depth:22; isdataat:!1,relative; content:"koshishmarketing.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254670/; classtype:trojan-activity;sid:81117770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jpwl6/abs8up94/"; http_uri; depth:16; isdataat:!1,relative; content:"www.redmediasigns.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254669/; classtype:trojan-activity;sid:81117769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/11/up.hta"; http_uri; depth:10; isdataat:!1,relative; content:"thankg1.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254668/; classtype:trojan-activity;sid:81117768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/myneworigin/myneworigin.exe"; http_uri; depth:28; isdataat:!1,relative; content:"dubem.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254667/; classtype:trojan-activity;sid:81117767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mpx1.exe"; http_uri; depth:9; isdataat:!1,relative; content:"hansco.in"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254666/; classtype:trojan-activity;sid:81117766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mpx.exe"; http_uri; depth:8; isdataat:!1,relative; content:"hansco.in"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254665/; classtype:trojan-activity;sid:81117765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1xxbot/1xxbot/downloads/teamviewer.exe"; http_uri; depth:39; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254664/; classtype:trojan-activity;sid:81117764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"198.12.97.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254663/; classtype:trojan-activity;sid:81117763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"198.12.97.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254662/; classtype:trojan-activity;sid:81117762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"198.12.97.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254661/; classtype:trojan-activity;sid:81117761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"198.12.97.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254660/; classtype:trojan-activity;sid:81117760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"198.12.97.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254659/; classtype:trojan-activity;sid:81117759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"198.12.97.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254658/; classtype:trojan-activity;sid:81117758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"198.12.97.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254657/; classtype:trojan-activity;sid:81117757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"198.12.97.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254656/; classtype:trojan-activity;sid:81117756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"198.12.97.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254655/; classtype:trojan-activity;sid:81117755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"198.12.97.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254654/; classtype:trojan-activity;sid:81117754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.spc"; http_uri; depth:16; isdataat:!1,relative; content:"198.12.97.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254653/; classtype:trojan-activity;sid:81117753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ndfgjhas.exe"; http_uri; depth:13; isdataat:!1,relative; content:"cbvgdf.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254652/; classtype:trojan-activity;sid:81117752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y4mmojq5-rje2ccjr3qeytzv60l0o5cfgzxcnnouugzh14xdzvy3rd31zhpsnecbdv9dhz6kngj3czzvmr5hkehxypwmmnjwqdmfyeiyrpftyxttthn6e3ydqx4t0cof_u8hk_swiftqnudmbmzcjnfqpz6hudh73kgnai8tt9mrup2rat-clkblg-15qohgftzbgyt27lgn6qg_qt7zo6taw/skmb_rfq%20po%205598876545677.gzdownload|26|psid=1"; http_uri; depth:269; isdataat:!1,relative; content:"jibqla.dm.files.1drv.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254651/; classtype:trojan-activity;sid:81117751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/erccyp/"; http_uri; depth:17; isdataat:!1,relative; content:"hostalcabanavaihere.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254650/; classtype:trojan-activity;sid:81117750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/632j0z/"; http_uri; depth:17; isdataat:!1,relative; content:"ycg-tw.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254649/; classtype:trojan-activity;sid:81117749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/copyright/7prj/"; http_uri; depth:16; isdataat:!1,relative; content:"smilefreshlaundry.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254648/; classtype:trojan-activity;sid:81117748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/t8wkn1/"; http_uri; depth:17; isdataat:!1,relative; content:"www.depannage-reparateur-lave-linge.com"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254647/; classtype:trojan-activity;sid:81117747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/175k/glb5rxp/"; http_uri; depth:14; isdataat:!1,relative; content:"bsiengg.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254646/; classtype:trojan-activity;sid:81117746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/notiwek3j/78rl-cd4uo-84463/"; http_uri; depth:28; isdataat:!1,relative; content:"easytradeservices.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254645/; classtype:trojan-activity;sid:81117745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/notiwek3j/kzwvxen-4y3t9jlk-9309833/"; http_uri; depth:36; isdataat:!1,relative; content:"letmein.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254644/; classtype:trojan-activity;sid:81117744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/backup/cxer1lky-s61-0470868504/"; http_uri; depth:32; isdataat:!1,relative; content:"www.huda.ac.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254643/; classtype:trojan-activity;sid:81117743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/4yvs1t9lml-ml52fsebev-840527/"; http_uri; depth:39; isdataat:!1,relative; content:"www.driver4me.be"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254642/; classtype:trojan-activity;sid:81117742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/aehyc2whsw-48yhtl-207442/"; http_uri; depth:37; isdataat:!1,relative; content:"www.cleaningbusinessinstitute.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254641/; classtype:trojan-activity;sid:81117741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/drsstor.bin"; http_uri; depth:12; isdataat:!1,relative; content:"venturibusinesssolutions.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254639/; classtype:trojan-activity;sid:81117739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/aujxsb24/"; http_uri; depth:19; isdataat:!1,relative; content:"gwrkfpmw.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254638/; classtype:trojan-activity;sid:81117738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/dzpbq5213/"; http_uri; depth:15; isdataat:!1,relative; content:"agenta.airosgroup.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254637/; classtype:trojan-activity;sid:81117737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/backup-1482895488-wp-includes/ctz380/"; http_uri; depth:38; isdataat:!1,relative; content:"www.oakessitecontractors.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254636/; classtype:trojan-activity;sid:81117736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/225/"; http_uri; depth:17; isdataat:!1,relative; content:"mercadry.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254635/; classtype:trojan-activity;sid:81117735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/k69/"; http_uri; depth:9; isdataat:!1,relative; content:"www.ketobes.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254634/; classtype:trojan-activity;sid:81117734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/609188936899624960/609191727265349667/minecraft_cheat_v6.3.exe.exe"; http_uri; depth:79; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254633/; classtype:trojan-activity;sid:81117733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zzzhqqtz"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254632/; classtype:trojan-activity;sid:81117732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/341529577606217730/609103022756331596/1.exe"; http_uri; depth:56; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254631/; classtype:trojan-activity;sid:81117731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"155.138.209.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254630/; classtype:trojan-activity;sid:81117730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"155.138.209.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254629/; classtype:trojan-activity;sid:81117729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"155.138.209.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254627/; classtype:trojan-activity;sid:81117727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"155.138.209.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254626/; classtype:trojan-activity;sid:81117726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"155.138.209.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254625/; classtype:trojan-activity;sid:81117725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"155.138.209.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254624/; classtype:trojan-activity;sid:81117724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"155.138.209.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254623/; classtype:trojan-activity;sid:81117723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"155.138.209.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254622/; classtype:trojan-activity;sid:81117722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; content:"155.138.209.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254621/; classtype:trojan-activity;sid:81117721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"155.138.209.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254620/; classtype:trojan-activity;sid:81117720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"155.138.209.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254619/; classtype:trojan-activity;sid:81117719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/doc/pr.exe"; http_uri; depth:11; isdataat:!1,relative; content:"av-gearhouse.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254617/; classtype:trojan-activity;sid:81117717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cannan/pr.exe"; http_uri; depth:14; isdataat:!1,relative; content:"av-gearhouse.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254615/; classtype:trojan-activity;sid:81117715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"62.103.77.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254614/; classtype:trojan-activity;sid:81117714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pxvcjgh.exe"; http_uri; depth:12; isdataat:!1,relative; content:"cbvgdf.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254613/; classtype:trojan-activity;sid:81117713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.arm4"; http_uri; depth:11; isdataat:!1,relative; content:"178.33.83.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254612/; classtype:trojan-activity;sid:81117712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.mpsl"; http_uri; depth:11; isdataat:!1,relative; content:"178.33.83.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254611/; classtype:trojan-activity;sid:81117711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.mips"; http_uri; depth:11; isdataat:!1,relative; content:"178.33.83.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254610/; classtype:trojan-activity;sid:81117710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.x86"; http_uri; depth:10; isdataat:!1,relative; content:"178.33.83.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254609/; classtype:trojan-activity;sid:81117709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.sparc"; http_uri; depth:12; isdataat:!1,relative; content:"178.33.83.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254608/; classtype:trojan-activity;sid:81117708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.arm6"; http_uri; depth:11; isdataat:!1,relative; content:"178.33.83.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254607/; classtype:trojan-activity;sid:81117707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"178.33.83.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254605/; classtype:trojan-activity;sid:81117705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"178.33.83.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254604/; classtype:trojan-activity;sid:81117704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kraken.exe"; http_uri; depth:11; isdataat:!1,relative; content:"managemyshoes.tools"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254602/; classtype:trojan-activity;sid:81117702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"41.41.131.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254600/; classtype:trojan-activity;sid:81117700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"86.18.117.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254599/; classtype:trojan-activity;sid:81117699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pgvfckhjsdf.exe"; http_uri; depth:16; isdataat:!1,relative; content:"cbvgdf.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254598/; classtype:trojan-activity;sid:81117698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ifsrfghk"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254597/; classtype:trojan-activity;sid:81117697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cjfayely"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254596/; classtype:trojan-activity;sid:81117696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/u9z6f7me"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254595/; classtype:trojan-activity;sid:81117695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/abwv78y1"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254594/; classtype:trojan-activity;sid:81117694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jsmdz7dg"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254593/; classtype:trojan-activity;sid:81117693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"67.163.156.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254592/; classtype:trojan-activity;sid:81117692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/index.exe"; http_uri; depth:10; isdataat:!1,relative; content:"coldstreamlandscape.ca"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254591/; classtype:trojan-activity;sid:81117691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"121.174.70.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254590/; classtype:trojan-activity;sid:81117690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"121.174.70.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254589/; classtype:trojan-activity;sid:81117689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"121.174.70.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254588/; classtype:trojan-activity;sid:81117688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"121.174.70.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254587/; classtype:trojan-activity;sid:81117687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"121.174.70.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254586/; classtype:trojan-activity;sid:81117686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.spc"; http_uri; depth:16; isdataat:!1,relative; content:"121.174.70.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254585/; classtype:trojan-activity;sid:81117685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"121.174.70.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254584/; classtype:trojan-activity;sid:81117684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"121.174.70.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254582/; classtype:trojan-activity;sid:81117682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"121.174.70.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254581/; classtype:trojan-activity;sid:81117681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"121.174.70.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254580/; classtype:trojan-activity;sid:81117680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"121.174.70.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254579/; classtype:trojan-activity;sid:81117679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/630911118843576320/643723679376605184/bbuild1.exe"; http_uri; depth:62; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254578/; classtype:trojan-activity;sid:81117678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"221.210.211.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254576/; classtype:trojan-activity;sid:81117676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"210.126.15.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254574/; classtype:trojan-activity;sid:81117674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demand_price_list.exe"; http_uri; depth:22; isdataat:!1,relative; content:"www.newnight.com.tr"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254573/; classtype:trojan-activity;sid:81117673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kudi/kudi.exe"; http_uri; depth:14; isdataat:!1,relative; content:"dubem.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254572/; classtype:trojan-activity;sid:81117672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/630911118843576320/643861341907451974/buildlk4.exe"; http_uri; depth:63; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254570/; classtype:trojan-activity;sid:81117670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"185.144.157.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254569/; classtype:trojan-activity;sid:81117669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; content:"185.144.157.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254568/; classtype:trojan-activity;sid:81117668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"185.144.157.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254567/; classtype:trojan-activity;sid:81117667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; content:"185.144.157.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254566/; classtype:trojan-activity;sid:81117666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"185.144.157.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254565/; classtype:trojan-activity;sid:81117665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"185.144.157.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254564/; classtype:trojan-activity;sid:81117664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"185.144.157.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254563/; classtype:trojan-activity;sid:81117663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"185.144.157.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254562/; classtype:trojan-activity;sid:81117662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"185.144.157.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254561/; classtype:trojan-activity;sid:81117661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"185.144.157.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254559/; classtype:trojan-activity;sid:81117659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; content:"185.144.157.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254557/; classtype:trojan-activity;sid:81117657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/606197629155803136/606203209505046535/964b1da45734e393.bat"; http_uri; depth:71; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254556/; classtype:trojan-activity;sid:81117656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/359657881357910016/476821371897380895/jopa.exe"; http_uri; depth:59; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254555/; classtype:trojan-activity;sid:81117655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bk5mfdxf"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254554/; classtype:trojan-activity;sid:81117654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uvzlslgi"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254553/; classtype:trojan-activity;sid:81117653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vrttj4sx"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254552/; classtype:trojan-activity;sid:81117652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/z5qq0ie8"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254551/; classtype:trojan-activity;sid:81117651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/j6sshq71"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254550/; classtype:trojan-activity;sid:81117650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kgnusjt8"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254549/; classtype:trojan-activity;sid:81117649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/r0fnyc4t"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254548/; classtype:trojan-activity;sid:81117648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/m5vupjxv"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254547/; classtype:trojan-activity;sid:81117647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/1.txt"; http_uri; depth:17; isdataat:!1,relative; content:"ocean-v.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254546/; classtype:trojan-activity;sid:81117646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/1.exe"; http_uri; depth:17; isdataat:!1,relative; content:"ocean-v.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254545/; classtype:trojan-activity;sid:81117645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/c0hdgynb"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254544/; classtype:trojan-activity;sid:81117644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/8qhxa4yk"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254543/; classtype:trojan-activity;sid:81117643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zde6dfkc"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254542/; classtype:trojan-activity;sid:81117642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/82npcp37"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254541/; classtype:trojan-activity;sid:81117641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"192.119.115.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254540/; classtype:trojan-activity;sid:81117640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"173.25.113.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254539/; classtype:trojan-activity;sid:81117639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; content:"192.119.115.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254538/; classtype:trojan-activity;sid:81117638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; content:"198.12.97.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254537/; classtype:trojan-activity;sid:81117637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"192.119.115.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254536/; classtype:trojan-activity;sid:81117636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.spc"; http_uri; depth:16; isdataat:!1,relative; content:"192.119.115.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254535/; classtype:trojan-activity;sid:81117635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"192.119.115.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254534/; classtype:trojan-activity;sid:81117634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"192.119.115.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254533/; classtype:trojan-activity;sid:81117633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"192.119.115.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254531/; classtype:trojan-activity;sid:81117631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; content:"192.119.115.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254530/; classtype:trojan-activity;sid:81117630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"192.119.115.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254529/; classtype:trojan-activity;sid:81117629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"192.119.115.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254528/; classtype:trojan-activity;sid:81117628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"192.119.115.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254526/; classtype:trojan-activity;sid:81117626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pawxq/hd/"; http_uri; depth:10; isdataat:!1,relative; content:"urhairlabo.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254525/; classtype:trojan-activity;sid:81117625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dev/ciafr952/"; http_uri; depth:14; isdataat:!1,relative; content:"vodavoda.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254524/; classtype:trojan-activity;sid:81117624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/framework.lift/bowb/"; http_uri; depth:21; isdataat:!1,relative; content:"aquafreshvk.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254523/; classtype:trojan-activity;sid:81117623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/vimeography/zcn/"; http_uri; depth:28; isdataat:!1,relative; content:"mountzionsnellville.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254522/; classtype:trojan-activity;sid:81117622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/och1/"; http_uri; depth:17; isdataat:!1,relative; content:"icclcricketainment.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254521/; classtype:trojan-activity;sid:81117621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ogh/h9m/"; http_uri; depth:9; isdataat:!1,relative; content:"masterlabphoto.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254520/; classtype:trojan-activity;sid:81117620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/1tzmc0jsn/"; http_uri; depth:22; isdataat:!1,relative; content:"akiba-anime.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254519/; classtype:trojan-activity;sid:81117619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/really-simple-ssl/testssl/cdn/q5j350/"; http_uri; depth:57; isdataat:!1,relative; content:"festivalinternacionaldehistoria.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254518/; classtype:trojan-activity;sid:81117618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/57374/"; http_uri; depth:16; isdataat:!1,relative; content:"thenyweekly.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254517/; classtype:trojan-activity;sid:81117617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/2ffjqq0/"; http_uri; depth:23; isdataat:!1,relative; content:"oshodrycleaning.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254516/; classtype:trojan-activity;sid:81117616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ikpd05/"; http_uri; depth:17; isdataat:!1,relative; content:"insulateerie.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254514/; classtype:trojan-activity;sid:81117614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/qtkm/"; http_uri; depth:17; isdataat:!1,relative; content:"fischer.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254513/; classtype:trojan-activity;sid:81117613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.250.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254512/; classtype:trojan-activity;sid:81117612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.250.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254511/; classtype:trojan-activity;sid:81117611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.x86"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.250.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254510/; classtype:trojan-activity;sid:81117610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.250.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254508/; classtype:trojan-activity;sid:81117608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.250.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254507/; classtype:trojan-activity;sid:81117607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.250.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254506/; classtype:trojan-activity;sid:81117606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.arm"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.250.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254505/; classtype:trojan-activity;sid:81117605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.mips"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.250.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254504/; classtype:trojan-activity;sid:81117604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.250.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254503/; classtype:trojan-activity;sid:81117603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.spc"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.250.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254502/; classtype:trojan-activity;sid:81117602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/h34rt.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.250.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254500/; classtype:trojan-activity;sid:81117600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nkhjdgfsa.exe"; http_uri; depth:14; isdataat:!1,relative; content:"cbvgdf.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254499/; classtype:trojan-activity;sid:81117599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paulrohki-nam/kinam.ppc"; http_uri; depth:24; isdataat:!1,relative; content:"193.56.28.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254498/; classtype:trojan-activity;sid:81117598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paulrohki-nam/kinam.arm"; http_uri; depth:24; isdataat:!1,relative; content:"193.56.28.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254497/; classtype:trojan-activity;sid:81117597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"198.12.97.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254496/; classtype:trojan-activity;sid:81117596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"198.12.97.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254495/; classtype:trojan-activity;sid:81117595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paulrohki-nam/kinam.arm5"; http_uri; depth:25; isdataat:!1,relative; content:"193.56.28.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254494/; classtype:trojan-activity;sid:81117594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paulrohki-nam/kinam.arm6"; http_uri; depth:25; isdataat:!1,relative; content:"193.56.28.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254493/; classtype:trojan-activity;sid:81117593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"198.12.97.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254492/; classtype:trojan-activity;sid:81117592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; content:"198.12.97.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254491/; classtype:trojan-activity;sid:81117591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paulrohki-nam/kinam.x86"; http_uri; depth:24; isdataat:!1,relative; content:"193.56.28.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254490/; classtype:trojan-activity;sid:81117590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; content:"198.12.97.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254489/; classtype:trojan-activity;sid:81117589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paulrohki-nam/kinam.mips"; http_uri; depth:25; isdataat:!1,relative; content:"193.56.28.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254488/; classtype:trojan-activity;sid:81117588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paulrohki-nam/kinam.i686"; http_uri; depth:25; isdataat:!1,relative; content:"193.56.28.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254487/; classtype:trojan-activity;sid:81117587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"198.12.97.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254486/; classtype:trojan-activity;sid:81117586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paulrohki-nam/kinam.mpsl"; http_uri; depth:25; isdataat:!1,relative; content:"193.56.28.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254485/; classtype:trojan-activity;sid:81117585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"198.12.97.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254484/; classtype:trojan-activity;sid:81117584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"198.12.97.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254483/; classtype:trojan-activity;sid:81117583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"198.12.97.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254482/; classtype:trojan-activity;sid:81117582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"198.12.97.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254481/; classtype:trojan-activity;sid:81117581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paulrohki-nam/kinam.m68k"; http_uri; depth:25; isdataat:!1,relative; content:"193.56.28.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254480/; classtype:trojan-activity;sid:81117580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paulrohki-nam/kinam.spc"; http_uri; depth:24; isdataat:!1,relative; content:"193.56.28.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254479/; classtype:trojan-activity;sid:81117579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; content:"198.12.97.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254478/; classtype:trojan-activity;sid:81117578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paulrohki-nam/kinam.sh4"; http_uri; depth:24; isdataat:!1,relative; content:"193.56.28.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254477/; classtype:trojan-activity;sid:81117577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paulrohki-nam/kinam.arm7"; http_uri; depth:25; isdataat:!1,relative; content:"193.56.28.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_17; reference:url, urlhaus.abuse.ch/url/254476/; classtype:trojan-activity;sid:81117576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254475/; classtype:trojan-activity;sid:81117575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/car/c.exe"; http_uri; depth:10; isdataat:!1,relative; content:"49.234.210.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254474/; classtype:trojan-activity;sid:81117574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scat01/1/downloads/wacatac_2019-11-16_11-47.exe"; http_uri; depth:48; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254472/; classtype:trojan-activity;sid:81117572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pjhhdf.exe"; http_uri; depth:11; isdataat:!1,relative; content:"cbvgdf.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254471/; classtype:trojan-activity;sid:81117571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ndfhjds.exe"; http_uri; depth:12; isdataat:!1,relative; content:"cbvgdf.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254469/; classtype:trojan-activity;sid:81117569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/carm/single.exe"; http_uri; depth:16; isdataat:!1,relative; content:"sprucedale.ca"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254468/; classtype:trojan-activity;sid:81117568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/carm/license.exe"; http_uri; depth:17; isdataat:!1,relative; content:"sprucedale.ca"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254466/; classtype:trojan-activity;sid:81117566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/win32.exe"; http_uri; depth:10; isdataat:!1,relative; content:"155.94.236.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254465/; classtype:trojan-activity;sid:81117565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/6bd9630e-748d-444c-b625-36d2ad516a1a/downloads/42a47981-916e-4e52-95ea-60f4a42db51d/setup_c.exesignature=l1fbkqpv8gfwiwlhmav0lgtnz%2bi%3d|26|expires=1573903742|26|awsaccesskeyid=akiaiqwxw6wlxmb5qzaq|26|versionid=vxrfq.taad7wvljt2bxhafr4ngv8rfc5|26|response-content-disposition=attachment%3b%20filename%3d%22setup_c.exe%22"; http_uri; depth:322; isdataat:!1,relative; content:"bbuseruploads.s3.amazonaws.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254464/; classtype:trojan-activity;sid:81117564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x/y.dll"; http_uri; depth:8; isdataat:!1,relative; content:"111.90.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254463/; classtype:trojan-activity;sid:81117563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kraken.exe"; http_uri; depth:11; isdataat:!1,relative; content:"newwavesshoes.tools"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254462/; classtype:trojan-activity;sid:81117562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/areabecome/cloude/downloads/setup_c.exe"; http_uri; depth:40; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254461/; classtype:trojan-activity;sid:81117561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"193.70.36.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254460/; classtype:trojan-activity;sid:81117560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"193.70.36.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254459/; classtype:trojan-activity;sid:81117559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"193.70.36.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254458/; classtype:trojan-activity;sid:81117558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"193.70.36.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254457/; classtype:trojan-activity;sid:81117557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"193.70.36.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254456/; classtype:trojan-activity;sid:81117556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"193.70.36.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254455/; classtype:trojan-activity;sid:81117555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"193.70.36.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254454/; classtype:trojan-activity;sid:81117554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"193.70.36.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254453/; classtype:trojan-activity;sid:81117553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; content:"193.70.36.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254452/; classtype:trojan-activity;sid:81117552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"193.70.36.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254451/; classtype:trojan-activity;sid:81117551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"193.70.36.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254450/; classtype:trojan-activity;sid:81117550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"193.70.36.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254449/; classtype:trojan-activity;sid:81117549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"193.70.36.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254448/; classtype:trojan-activity;sid:81117548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jk83keqi"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254447/; classtype:trojan-activity;sid:81117547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/czrrxg1e"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254446/; classtype:trojan-activity;sid:81117546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/m6mlxajm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254445/; classtype:trojan-activity;sid:81117545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/trixbins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"193.70.36.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254444/; classtype:trojan-activity;sid:81117544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/11/home/aaaa.png"; http_uri; depth:41; isdataat:!1,relative; content:"pingup.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254443/; classtype:trojan-activity;sid:81117543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bit32.exe"; http_uri; depth:10; isdataat:!1,relative; content:"nahrungsmittel.ml"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254442/; classtype:trojan-activity;sid:81117542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/492206903632330755/558329379009069076/raf.exe"; http_uri; depth:58; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254441/; classtype:trojan-activity;sid:81117541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tzz8928z"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254440/; classtype:trojan-activity;sid:81117540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_manager/templates/actions/c4toling.zip"; http_uri; depth:40; isdataat:!1,relative; content:"medianews.ge"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254438/; classtype:trojan-activity;sid:81117538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/updating_32zs6f54f6rg1543tg32/ku.arm6"; http_uri; depth:38; isdataat:!1,relative; content:"179.43.149.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254436/; classtype:trojan-activity;sid:81117536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/updating_32zs6f54f6rg1543tg32/ku.mpsl"; http_uri; depth:38; isdataat:!1,relative; content:"179.43.149.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254435/; classtype:trojan-activity;sid:81117535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/updating_32zs6f54f6rg1543tg32/ku.spc"; http_uri; depth:37; isdataat:!1,relative; content:"179.43.149.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254434/; classtype:trojan-activity;sid:81117534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/updating_32zs6f54f6rg1543tg32/ku.sh4"; http_uri; depth:37; isdataat:!1,relative; content:"179.43.149.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254433/; classtype:trojan-activity;sid:81117533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/updating_32zs6f54f6rg1543tg32/ku.i686"; http_uri; depth:38; isdataat:!1,relative; content:"179.43.149.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254432/; classtype:trojan-activity;sid:81117532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/updating_32zs6f54f6rg1543tg32/ku.ppc"; http_uri; depth:37; isdataat:!1,relative; content:"179.43.149.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254431/; classtype:trojan-activity;sid:81117531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/updating_32zs6f54f6rg1543tg32/ku.arm5"; http_uri; depth:38; isdataat:!1,relative; content:"179.43.149.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254430/; classtype:trojan-activity;sid:81117530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/updating_32zs6f54f6rg1543tg32/ku.m68k"; http_uri; depth:38; isdataat:!1,relative; content:"179.43.149.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254429/; classtype:trojan-activity;sid:81117529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/updating_32zs6f54f6rg1543tg32/ku.x86"; http_uri; depth:37; isdataat:!1,relative; content:"179.43.149.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254428/; classtype:trojan-activity;sid:81117528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/updating_32zs6f54f6rg1543tg32/ku.arm7"; http_uri; depth:38; isdataat:!1,relative; content:"179.43.149.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254427/; classtype:trojan-activity;sid:81117527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/updating_32zs6f54f6rg1543tg32/ku.mips"; http_uri; depth:38; isdataat:!1,relative; content:"179.43.149.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254426/; classtype:trojan-activity;sid:81117526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/updating_32zs6f54f6rg1543tg32/ku.arm"; http_uri; depth:37; isdataat:!1,relative; content:"179.43.149.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254425/; classtype:trojan-activity;sid:81117525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"185.29.54.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254423/; classtype:trojan-activity;sid:81117523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ehh0ngeho7/"; http_uri; depth:23; isdataat:!1,relative; content:"hidrojatobrasil.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254422/; classtype:trojan-activity;sid:81117522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/n5e/"; http_uri; depth:14; isdataat:!1,relative; content:"notariuszswietochlowice.pl"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254421/; classtype:trojan-activity;sid:81117521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pawxq/hd/"; http_uri; depth:10; isdataat:!1,relative; content:"www.urhairlabo.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254420/; classtype:trojan-activity;sid:81117520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/9a6/"; http_uri; depth:16; isdataat:!1,relative; content:"blog.begumnazli.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254419/; classtype:trojan-activity;sid:81117519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab9vk/aty0i/"; http_uri; depth:13; isdataat:!1,relative; content:"rcw-lb.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254417/; classtype:trojan-activity;sid:81117517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/ferro.png"; http_uri; depth:17; isdataat:!1,relative; content:"195.123.220.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254416/; classtype:trojan-activity;sid:81117516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/foto1.png"; http_uri; depth:17; isdataat:!1,relative; content:"195.123.220.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254415/; classtype:trojan-activity;sid:81117515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/moning1.png"; http_uri; depth:19; isdataat:!1,relative; content:"195.123.220.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254414/; classtype:trojan-activity;sid:81117514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/moning1.png"; http_uri; depth:12; isdataat:!1,relative; content:"193.3.247.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_16; reference:url, urlhaus.abuse.ch/url/254413/; classtype:trojan-activity;sid:81117513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/qtkm/"; http_uri; depth:17; isdataat:!1,relative; content:"www.fischer.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254412/; classtype:trojan-activity;sid:81117512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ogh/h9m/"; http_uri; depth:9; isdataat:!1,relative; content:"www.masterlabphoto.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254411/; classtype:trojan-activity;sid:81117511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/c/"; http_uri; depth:12; isdataat:!1,relative; content:"elegancefamilysalon.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254410/; classtype:trojan-activity;sid:81117510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1nwr3ul/6l1/"; http_uri; depth:13; isdataat:!1,relative; content:"www.centrocultural.ifaaje.com.br"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254409/; classtype:trojan-activity;sid:81117509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/g5/"; http_uri; depth:15; isdataat:!1,relative; content:"adspioneer.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254407/; classtype:trojan-activity;sid:81117507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/jho-xn0q-0120953794/"; http_uri; depth:35; isdataat:!1,relative; content:"www.yinqilawyer.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254406/; classtype:trojan-activity;sid:81117506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tg9w/3f8-6uf3d6kfoe-34601529/"; http_uri; depth:30; isdataat:!1,relative; content:"www.bida123.pw"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254405/; classtype:trojan-activity;sid:81117505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/wzvoi-hie6wnpywe-28554129/"; http_uri; depth:36; isdataat:!1,relative; content:"akcan-turizm.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254404/; classtype:trojan-activity;sid:81117504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/nmhxgj/"; http_uri; depth:17; isdataat:!1,relative; content:"water-cooled-cycles.000webhostapp.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254403/; classtype:trojan-activity;sid:81117503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/kzxuxx/"; http_uri; depth:16; isdataat:!1,relative; content:"suarezcorredores.cl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254401/; classtype:trojan-activity;sid:81117501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/system/system_file.ppc"; http_uri; depth:23; isdataat:!1,relative; content:"167.99.229.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254400/; classtype:trojan-activity;sid:81117500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/system/system_file.arm6"; http_uri; depth:24; isdataat:!1,relative; content:"167.99.229.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254399/; classtype:trojan-activity;sid:81117499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/system/system_file.arm5"; http_uri; depth:24; isdataat:!1,relative; content:"167.99.229.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254398/; classtype:trojan-activity;sid:81117498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/system/system_file.spc"; http_uri; depth:23; isdataat:!1,relative; content:"167.99.229.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254397/; classtype:trojan-activity;sid:81117497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/system/system_file.x86"; http_uri; depth:23; isdataat:!1,relative; content:"167.99.229.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254396/; classtype:trojan-activity;sid:81117496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/system/system_file.arm"; http_uri; depth:23; isdataat:!1,relative; content:"167.99.229.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254395/; classtype:trojan-activity;sid:81117495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/system/system_file.sh4"; http_uri; depth:23; isdataat:!1,relative; content:"167.99.229.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254394/; classtype:trojan-activity;sid:81117494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/system/system_file.arm7"; http_uri; depth:24; isdataat:!1,relative; content:"167.99.229.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254393/; classtype:trojan-activity;sid:81117493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/system/system_file.mpsl"; http_uri; depth:24; isdataat:!1,relative; content:"167.99.229.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254392/; classtype:trojan-activity;sid:81117492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/system/system_file.m68k"; http_uri; depth:24; isdataat:!1,relative; content:"167.99.229.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254391/; classtype:trojan-activity;sid:81117491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/system/system_file.mips"; http_uri; depth:24; isdataat:!1,relative; content:"167.99.229.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254390/; classtype:trojan-activity;sid:81117490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/database/3yiwuo3886/"; http_uri; depth:21; isdataat:!1,relative; content:"5leapfoods.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254389/; classtype:trojan-activity;sid:81117489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pjk0l43/"; http_uri; depth:20; isdataat:!1,relative; content:"komiolaf.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254388/; classtype:trojan-activity;sid:81117488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/x7de156/"; http_uri; depth:18; isdataat:!1,relative; content:"tapucreative.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254387/; classtype:trojan-activity;sid:81117487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/y455/"; http_uri; depth:17; isdataat:!1,relative; content:"takanah.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254386/; classtype:trojan-activity;sid:81117486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/r7/"; http_uri; depth:15; isdataat:!1,relative; content:"www.cowmeys.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254385/; classtype:trojan-activity;sid:81117485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/szlv6/"; http_uri; depth:15; isdataat:!1,relative; content:"darbarbd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254384/; classtype:trojan-activity;sid:81117484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/b/"; http_uri; depth:12; isdataat:!1,relative; content:"dansofconsultancy.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254383/; classtype:trojan-activity;sid:81117483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/uab9/"; http_uri; depth:15; isdataat:!1,relative; content:"rajasthanrajput.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254382/; classtype:trojan-activity;sid:81117482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/och1/"; http_uri; depth:17; isdataat:!1,relative; content:"www.icclcricketainment.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254381/; classtype:trojan-activity;sid:81117481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/ahaugbtt/"; http_uri; depth:20; isdataat:!1,relative; content:"housedream.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254380/; classtype:trojan-activity;sid:81117480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/descargas/masterconfigs.exe"; http_uri; depth:28; isdataat:!1,relative; content:"www.ibanezservers.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254379/; classtype:trojan-activity;sid:81117479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"122.230.219.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254377/; classtype:trojan-activity;sid:81117477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rfxczfdsxzcsd.exe"; http_uri; depth:18; isdataat:!1,relative; content:"ghkjzxf.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254376/; classtype:trojan-activity;sid:81117476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/@recycle/siubtrh1gz/"; http_uri; depth:21; isdataat:!1,relative; content:"www.kosmetikapribram.cz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254375/; classtype:trojan-activity;sid:81117475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rsdfjdhsdkj.exe"; http_uri; depth:16; isdataat:!1,relative; content:"ghkjzxf.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254373/; classtype:trojan-activity;sid:81117473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/panda.exe"; http_uri; depth:10; isdataat:!1,relative; content:"upload-stat3.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254372/; classtype:trojan-activity;sid:81117472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eupanda.exe"; http_uri; depth:12; isdataat:!1,relative; content:"upload-stat3.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254371/; classtype:trojan-activity;sid:81117471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/read.exe"; http_uri; depth:9; isdataat:!1,relative; content:"194.76.224.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254370/; classtype:trojan-activity;sid:81117470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+-|26|gt|3b|/tmp/gpon80|3b|sh+/tmp/gpon80|26|amp"; http_uri; depth:58; isdataat:!1,relative; content:"197.50.92.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254369/; classtype:trojan-activity;sid:81117469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mshop/cart/ship88912.zip"; http_uri; depth:25; isdataat:!1,relative; content:"parkhan.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254368/; classtype:trojan-activity;sid:81117468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/6prx95a9i-vtp5ip-4577/"; http_uri; depth:32; isdataat:!1,relative; content:"royaltyreigninvestments.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254367/; classtype:trojan-activity;sid:81117467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/pna5uvi8m-xc2rx4-2916/"; http_uri; depth:32; isdataat:!1,relative; content:"greenercleanteam.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254366/; classtype:trojan-activity;sid:81117466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ztlj/yzerfh/"; http_uri; depth:13; isdataat:!1,relative; content:"spellingwordsforchildren.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254365/; classtype:trojan-activity;sid:81117465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ff0lb/cache/hzvv-esr-01265/"; http_uri; depth:28; isdataat:!1,relative; content:"shop.saltdogs.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254364/; classtype:trojan-activity;sid:81117464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/m470nnd-812elzbj2-399354251/"; http_uri; depth:41; isdataat:!1,relative; content:"rodproperties.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254363/; classtype:trojan-activity;sid:81117463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/526020531842056212/607942155113332736/qq.com"; http_uri; depth:57; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254362/; classtype:trojan-activity;sid:81117462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/imns/ant4c.exe"; http_uri; depth:15; isdataat:!1,relative; content:"imnurdcv.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254361/; classtype:trojan-activity;sid:81117461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/peruorganico/ebbbxx37155/"; http_uri; depth:26; isdataat:!1,relative; content:"peruorganiconatural.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254360/; classtype:trojan-activity;sid:81117460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/backup/864/"; http_uri; depth:12; isdataat:!1,relative; content:"artnkrafts.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254359/; classtype:trojan-activity;sid:81117459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/hno148/"; http_uri; depth:19; isdataat:!1,relative; content:"arvinhayat.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254358/; classtype:trojan-activity;sid:81117458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/9l067165/"; http_uri; depth:34; isdataat:!1,relative; content:"mototorg.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254357/; classtype:trojan-activity;sid:81117457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/1u4ufp4/"; http_uri; depth:18; isdataat:!1,relative; content:"primekala.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254356/; classtype:trojan-activity;sid:81117456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/hj/"; http_uri; depth:13; isdataat:!1,relative; content:"turkuazhavacilik.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254355/; classtype:trojan-activity;sid:81117455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/5ycsmjhtyq/"; http_uri; depth:20; isdataat:!1,relative; content:"mawqi3.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254354/; classtype:trojan-activity;sid:81117454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; content:"www.kosmetikapribram.cz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254353/; classtype:trojan-activity;sid:81117453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/qsvpuqk/"; http_uri; depth:20; isdataat:!1,relative; content:"cinemanews.info"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254352/; classtype:trojan-activity;sid:81117452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/fwd9br/"; http_uri; depth:16; isdataat:!1,relative; content:"digestyn7.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254351/; classtype:trojan-activity;sid:81117451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; content:"185.224.131.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254350/; classtype:trojan-activity;sid:81117450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"185.224.131.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254349/; classtype:trojan-activity;sid:81117449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"185.224.131.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254348/; classtype:trojan-activity;sid:81117448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"185.224.131.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254347/; classtype:trojan-activity;sid:81117447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"185.224.131.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254346/; classtype:trojan-activity;sid:81117446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; content:"185.224.131.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254345/; classtype:trojan-activity;sid:81117445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"185.224.131.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254344/; classtype:trojan-activity;sid:81117444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; content:"185.224.131.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254343/; classtype:trojan-activity;sid:81117443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"185.224.131.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254342/; classtype:trojan-activity;sid:81117442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"185.224.131.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254341/; classtype:trojan-activity;sid:81117441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; content:"185.224.131.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254340/; classtype:trojan-activity;sid:81117440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/priv8/putty.exe"; http_uri; depth:16; isdataat:!1,relative; content:"157.52.211.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254339/; classtype:trojan-activity;sid:81117439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"185.224.131.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254338/; classtype:trojan-activity;sid:81117438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/getrawfile/file.txt"; http_uri; depth:20; isdataat:!1,relative; content:"datapscanner.stream"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254337/; classtype:trojan-activity;sid:81117437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.spc"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.250.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254335/; classtype:trojan-activity;sid:81117435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"185.112.250.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254334/; classtype:trojan-activity;sid:81117434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m8fhyr3/f4qa6tn86-ktnl7-46641246/"; http_uri; depth:34; isdataat:!1,relative; content:"cdm.life"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254333/; classtype:trojan-activity;sid:81117433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2017/12/sfyh-htltzk5sne-8924/"; http_uri; depth:49; isdataat:!1,relative; content:"freegpbx.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254332/; classtype:trojan-activity;sid:81117432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/k033t66-m3f7nf-097240791/"; http_uri; depth:38; isdataat:!1,relative; content:"venteexpress.ma"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254331/; classtype:trojan-activity;sid:81117431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xni/qd36ey05-7tbzh-884761/"; http_uri; depth:27; isdataat:!1,relative; content:"standardshoppers.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254330/; classtype:trojan-activity;sid:81117430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/dylpfcmm/"; http_uri; depth:19; isdataat:!1,relative; content:"lakazamuestra.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254329/; classtype:trojan-activity;sid:81117429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"50.198.129.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254328/; classtype:trojan-activity;sid:81117428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/imns/nwc.exe"; http_uri; depth:13; isdataat:!1,relative; content:"imnurdcv.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254327/; classtype:trojan-activity;sid:81117427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/imns/azc.exe"; http_uri; depth:13; isdataat:!1,relative; content:"imnurdcv.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254326/; classtype:trojan-activity;sid:81117426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/11/goods/77707221.zip"; http_uri; depth:46; isdataat:!1,relative; content:"hodanlyltd.000webhostapp.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254325/; classtype:trojan-activity;sid:81117425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/11/up/6391.zip"; http_uri; depth:39; isdataat:!1,relative; content:"dropshipbay.co.uk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254324/; classtype:trojan-activity;sid:81117424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/11/up/713606.zip"; http_uri; depth:41; isdataat:!1,relative; content:"layarkacageminits.000webhostapp.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254323/; classtype:trojan-activity;sid:81117423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/11/goods/93621.zip"; http_uri; depth:43; isdataat:!1,relative; content:"drjimenezricmaje.000webhostapp.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254322/; classtype:trojan-activity;sid:81117422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/11/up/363573.zip"; http_uri; depth:41; isdataat:!1,relative; content:"dropshipbay.co.uk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254321/; classtype:trojan-activity;sid:81117421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/apikey/goods/2722.zip"; http_uri; depth:41; isdataat:!1,relative; content:"hoanghuyhaiphong.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254320/; classtype:trojan-activity;sid:81117420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/11/up/6774083.zip"; http_uri; depth:42; isdataat:!1,relative; content:"dropshipbay.co.uk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254319/; classtype:trojan-activity;sid:81117419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/build/amd/nclookup.exe"; http_uri; depth:23; isdataat:!1,relative; content:"45.67.229.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254318/; classtype:trojan-activity;sid:81117418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/08/drsstor.bin"; http_uri; depth:39; isdataat:!1,relative; content:"damayab.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254317/; classtype:trojan-activity;sid:81117417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/ourus/2.exe"; http_uri; depth:17; isdataat:!1,relative; content:"upload-stat4.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254316/; classtype:trojan-activity;sid:81117416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/build/xcoremanagment.exe"; http_uri; depth:25; isdataat:!1,relative; content:"45.67.229.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254315/; classtype:trojan-activity;sid:81117415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/build/loader.exe"; http_uri; depth:17; isdataat:!1,relative; content:"45.67.229.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254314/; classtype:trojan-activity;sid:81117414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mnx/rem6.exe"; http_uri; depth:13; isdataat:!1,relative; content:"jnfglobe.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254312/; classtype:trojan-activity;sid:81117412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kodi_repo/repo/script.media.aggregator/script.media.aggregator-0.40.6.zip"; http_uri; depth:74; isdataat:!1,relative; content:"vadyur.github.io"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254311/; classtype:trojan-activity;sid:81117411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm"; http_uri; depth:15; isdataat:!1,relative; content:"159.89.201.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254310/; classtype:trojan-activity;sid:81117410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"159.89.201.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254309/; classtype:trojan-activity;sid:81117409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"159.89.201.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254308/; classtype:trojan-activity;sid:81117408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.mips"; http_uri; depth:16; isdataat:!1,relative; content:"159.89.201.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254307/; classtype:trojan-activity;sid:81117407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.spc"; http_uri; depth:15; isdataat:!1,relative; content:"159.89.201.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254306/; classtype:trojan-activity;sid:81117406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"159.89.201.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254305/; classtype:trojan-activity;sid:81117405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"159.89.201.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254304/; classtype:trojan-activity;sid:81117404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.x86"; http_uri; depth:15; isdataat:!1,relative; content:"159.89.201.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254303/; classtype:trojan-activity;sid:81117403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"159.89.201.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254302/; classtype:trojan-activity;sid:81117402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"159.89.201.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254301/; classtype:trojan-activity;sid:81117401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"159.89.201.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254300/; classtype:trojan-activity;sid:81117400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ffbtxb/mire4ww/"; http_uri; depth:16; isdataat:!1,relative; content:"shenm.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254299/; classtype:trojan-activity;sid:81117399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/h0l/"; http_uri; depth:24; isdataat:!1,relative; content:"bali.com.br"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254298/; classtype:trojan-activity;sid:81117398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/87jy/"; http_uri; depth:17; isdataat:!1,relative; content:"jasamebel.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254297/; classtype:trojan-activity;sid:81117397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ntc7om/"; http_uri; depth:17; isdataat:!1,relative; content:"www.terencekwan.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254296/; classtype:trojan-activity;sid:81117396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/install/5mp1/"; http_uri; depth:14; isdataat:!1,relative; content:"www.windyne.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254295/; classtype:trojan-activity;sid:81117395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/eu/1.exe"; http_uri; depth:14; isdataat:!1,relative; content:"upload-stat4.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254294/; classtype:trojan-activity;sid:81117394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/us/2.exe"; http_uri; depth:14; isdataat:!1,relative; content:"upload-stat4.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254293/; classtype:trojan-activity;sid:81117393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kodi_repo/repo/script.media.aggregator/script.media.aggregator-2.0.9.zip"; http_uri; depth:73; isdataat:!1,relative; content:"vadyur.github.io"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254291/; classtype:trojan-activity;sid:81117391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kodi_repo/repo/script.media.aggregator/script.media.aggregator-0.21.5.zip"; http_uri; depth:74; isdataat:!1,relative; content:"vadyur.github.io"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254289/; classtype:trojan-activity;sid:81117389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dev/ciafr952/"; http_uri; depth:14; isdataat:!1,relative; content:"www.vodavoda.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254288/; classtype:trojan-activity;sid:81117388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lsa/hwa222884/"; http_uri; depth:15; isdataat:!1,relative; content:"space.technode.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254287/; classtype:trojan-activity;sid:81117387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y9xj/shu19339/"; http_uri; depth:15; isdataat:!1,relative; content:"j-toputvoutfitters.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254286/; classtype:trojan-activity;sid:81117386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/really-simple-ssl/testssl/cdn/q5j350/"; http_uri; depth:57; isdataat:!1,relative; content:"festivalinternacionaldehistoria.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254285/; classtype:trojan-activity;sid:81117385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/1u9261/"; http_uri; depth:17; isdataat:!1,relative; content:"www.jagoron71.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254284/; classtype:trojan-activity;sid:81117384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pjhhdf.exe"; http_uri; depth:11; isdataat:!1,relative; content:"zxczxf.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254283/; classtype:trojan-activity;sid:81117383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ndfhjds.exe"; http_uri; depth:12; isdataat:!1,relative; content:"zxczxf.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254282/; classtype:trojan-activity;sid:81117382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"59.127.136.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254281/; classtype:trojan-activity;sid:81117381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/ourus/1.exe"; http_uri; depth:17; isdataat:!1,relative; content:"upload-stat4.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254280/; classtype:trojan-activity;sid:81117380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"109.107.249.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254279/; classtype:trojan-activity;sid:81117379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/updater.exe"; http_uri; depth:12; isdataat:!1,relative; content:"185.212.130.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254278/; classtype:trojan-activity;sid:81117378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/crypt_exe_lite_prj_eagle_2.exe"; http_uri; depth:31; isdataat:!1,relative; content:"www.cocotraffic.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254277/; classtype:trojan-activity;sid:81117377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y4m4gfpe3wwakcul-ab0lts8clb96k9vltukuf9ugi7qdydw2u5khg5d0ef5hny9bc9vp2uo5mdo4nlgzjgrxvzchbd_8nbmsaaztoys7kixugewda9mt3t4is-95luwujdu6gh53pvngk5cgvstuposo17y1m3kdl5vefdvgd80yjgcuxcmsjlrrzllseihepfniumaytr-ks1maijdlvdpq/img_wa-d0014.lzhdownload|26|psid=1"; http_uri; depth:253; isdataat:!1,relative; content:"1rjxxa.ch.files.1drv.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254276/; classtype:trojan-activity;sid:81117376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/wyolb4-r3ax9gtkcg-611/"; http_uri; depth:34; isdataat:!1,relative; content:"xyshbk.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254275/; classtype:trojan-activity;sid:81117375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/iuyweuj/"; http_uri; depth:18; isdataat:!1,relative; content:"ftpmsa.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254274/; classtype:trojan-activity;sid:81117374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/csfcphi/"; http_uri; depth:18; isdataat:!1,relative; content:"lightscafe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254273/; classtype:trojan-activity;sid:81117373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/hrs41inn4-1waeob107-172/"; http_uri; depth:34; isdataat:!1,relative; content:"thewarroom.show"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254272/; classtype:trojan-activity;sid:81117372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/jg9209ttb-ebshh9ll-1346/"; http_uri; depth:37; isdataat:!1,relative; content:"www.nestbloom.tw"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254271/; classtype:trojan-activity;sid:81117371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/m9xfl/"; http_uri; depth:16; isdataat:!1,relative; content:"extragifts.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254270/; classtype:trojan-activity;sid:81117370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/p/"; http_uri; depth:14; isdataat:!1,relative; content:"firmaofis.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254269/; classtype:trojan-activity;sid:81117369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/j7i72s/"; http_uri; depth:17; isdataat:!1,relative; content:"invernessdesignbuild.ca"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254268/; classtype:trojan-activity;sid:81117368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/v/"; http_uri; depth:12; isdataat:!1,relative; content:"thccamera.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254267/; classtype:trojan-activity;sid:81117367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ft0r5/"; http_uri; depth:16; isdataat:!1,relative; content:"linume.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254266/; classtype:trojan-activity;sid:81117366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/drsstor.bin"; http_uri; depth:12; isdataat:!1,relative; content:"ron4law.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254265/; classtype:trojan-activity;sid:81117365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/2ffjqq0/"; http_uri; depth:23; isdataat:!1,relative; content:"www.oshodrycleaning.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254264/; classtype:trojan-activity;sid:81117364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/qw6/"; http_uri; depth:14; isdataat:!1,relative; content:"wininstantly.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254263/; classtype:trojan-activity;sid:81117363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/yrx39/"; http_uri; depth:26; isdataat:!1,relative; content:"dispatchd.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254262/; classtype:trojan-activity;sid:81117362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/6pbw00/"; http_uri; depth:20; isdataat:!1,relative; content:"edalatiranian.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254261/; classtype:trojan-activity;sid:81117361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/wp7/"; http_uri; depth:14; isdataat:!1,relative; content:"rout66motors.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254260/; classtype:trojan-activity;sid:81117360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mike/miket.exe"; http_uri; depth:15; isdataat:!1,relative; content:"realgauthier.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254259/; classtype:trojan-activity;sid:81117359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sam/yan.exe"; http_uri; depth:12; isdataat:!1,relative; content:"realgauthier.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254258/; classtype:trojan-activity;sid:81117358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a8cnsm7x.exe"; http_uri; depth:13; isdataat:!1,relative; content:"m.put.re"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254256/; classtype:trojan-activity;sid:81117356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=3b785f4a2ff71657|26|resid=3b785f4a2ff71657%21143|26|authkey=amox8paxqkbqe4y"; http_uri; depth:88; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254255/; classtype:trojan-activity;sid:81117355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kjnyaw6g"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254254/; classtype:trojan-activity;sid:81117354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/du0bku98"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254253/; classtype:trojan-activity;sid:81117353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sinterp.png"; http_uri; depth:12; isdataat:!1,relative; content:"82.146.39.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254251/; classtype:trojan-activity;sid:81117351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xwzxf2wq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254252/; classtype:trojan-activity;sid:81117352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tiners.exe"; http_uri; depth:11; isdataat:!1,relative; content:"82.146.39.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254250/; classtype:trojan-activity;sid:81117350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tin64.exe"; http_uri; depth:10; isdataat:!1,relative; content:"82.146.39.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254249/; classtype:trojan-activity;sid:81117349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/swjkmntf.exe"; http_uri; depth:13; isdataat:!1,relative; content:"82.146.39.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254248/; classtype:trojan-activity;sid:81117348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/data3.php1c00c7cc9f75fc09"; http_uri; depth:26; isdataat:!1,relative; content:"mirkolkdb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254247/; classtype:trojan-activity;sid:81117347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/643490154576740352/644103335401619466/scanned131119.zip"; http_uri; depth:68; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254246/; classtype:trojan-activity;sid:81117346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/dcjvfzhq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254245/; classtype:trojan-activity;sid:81117345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/638884751054340122/644696992462798848/tnt_collections_consignment_k378-19-sic-ry_-_athena_ref._ae19-295111_1.ace"; http_uri; depth:125; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254244/; classtype:trojan-activity;sid:81117344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/644441640345403413/644441978016366592/tt_hzl_kopya_pdf_________________________.zip"; http_uri; depth:96; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254243/; classtype:trojan-activity;sid:81117343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.spc"; http_uri; depth:16; isdataat:!1,relative; content:"194.15.36.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254242/; classtype:trojan-activity;sid:81117342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"194.15.36.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254241/; classtype:trojan-activity;sid:81117341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.x86"; http_uri; depth:16; isdataat:!1,relative; content:"194.15.36.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254240/; classtype:trojan-activity;sid:81117340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"194.15.36.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254239/; classtype:trojan-activity;sid:81117339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"194.15.36.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254238/; classtype:trojan-activity;sid:81117338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.mips"; http_uri; depth:17; isdataat:!1,relative; content:"194.15.36.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254237/; classtype:trojan-activity;sid:81117337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"194.15.36.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254236/; classtype:trojan-activity;sid:81117336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.kill"; http_uri; depth:17; isdataat:!1,relative; content:"194.15.36.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254235/; classtype:trojan-activity;sid:81117335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"194.15.36.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254234/; classtype:trojan-activity;sid:81117334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"194.15.36.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254233/; classtype:trojan-activity;sid:81117333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"194.15.36.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254232/; classtype:trojan-activity;sid:81117332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.arm"; http_uri; depth:16; isdataat:!1,relative; content:"194.15.36.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254231/; classtype:trojan-activity;sid:81117331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.x86"; http_uri; depth:11; isdataat:!1,relative; content:"194.15.36.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254230/; classtype:trojan-activity;sid:81117330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"194.15.36.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254229/; classtype:trojan-activity;sid:81117329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.arm7"; http_uri; depth:12; isdataat:!1,relative; content:"194.15.36.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254228/; classtype:trojan-activity;sid:81117328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.arm5"; http_uri; depth:12; isdataat:!1,relative; content:"194.15.36.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254227/; classtype:trojan-activity;sid:81117327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.arm"; http_uri; depth:11; isdataat:!1,relative; content:"194.15.36.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254226/; classtype:trojan-activity;sid:81117326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/krn3bwkf"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254225/; classtype:trojan-activity;sid:81117325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xsn26vb7"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254224/; classtype:trojan-activity;sid:81117324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/c1m7bsdb"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254223/; classtype:trojan-activity;sid:81117323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hdg9nvqx"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254222/; classtype:trojan-activity;sid:81117322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ivpunfdt"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254221/; classtype:trojan-activity;sid:81117321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/chrome.bin"; http_uri; depth:15; isdataat:!1,relative; content:"gastankevents.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254220/; classtype:trojan-activity;sid:81117320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/425306540338315265/606564981332246548/2ip.exe"; http_uri; depth:58; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254219/; classtype:trojan-activity;sid:81117319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/606212996922081302/606565863390445620/www.exe"; http_uri; depth:58; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254218/; classtype:trojan-activity;sid:81117318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lcv/x1bzf/"; http_uri; depth:11; isdataat:!1,relative; content:"gencturkiye.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254217/; classtype:trojan-activity;sid:81117317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/fixvbnpvcv/"; http_uri; depth:21; isdataat:!1,relative; content:"byttd.com.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254216/; classtype:trojan-activity;sid:81117316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/fbqmhms2/"; http_uri; depth:19; isdataat:!1,relative; content:"ghattas.pcsd194.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254215/; classtype:trojan-activity;sid:81117315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/1tzmc0jsn/"; http_uri; depth:22; isdataat:!1,relative; content:"www.akiba-anime.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254214/; classtype:trojan-activity;sid:81117314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vgvbyw/ua/"; http_uri; depth:11; isdataat:!1,relative; content:"ymindopacific.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254213/; classtype:trojan-activity;sid:81117313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; content:"159.203.95.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254212/; classtype:trojan-activity;sid:81117312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"159.203.95.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254211/; classtype:trojan-activity;sid:81117311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"159.203.95.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254210/; classtype:trojan-activity;sid:81117310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"159.203.95.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254209/; classtype:trojan-activity;sid:81117309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"159.203.95.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254208/; classtype:trojan-activity;sid:81117308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"159.203.95.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254207/; classtype:trojan-activity;sid:81117307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"159.203.95.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254206/; classtype:trojan-activity;sid:81117306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"159.203.95.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254205/; classtype:trojan-activity;sid:81117305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"159.203.95.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254204/; classtype:trojan-activity;sid:81117304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"159.203.95.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254203/; classtype:trojan-activity;sid:81117303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"159.203.95.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254202/; classtype:trojan-activity;sid:81117302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.mpsl"; http_uri; depth:24; isdataat:!1,relative; content:"185.112.250.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254201/; classtype:trojan-activity;sid:81117301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.mips"; http_uri; depth:24; isdataat:!1,relative; content:"185.112.250.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254200/; classtype:trojan-activity;sid:81117300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.ppc"; http_uri; depth:23; isdataat:!1,relative; content:"185.112.250.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254199/; classtype:trojan-activity;sid:81117299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.m68k"; http_uri; depth:24; isdataat:!1,relative; content:"185.112.250.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254198/; classtype:trojan-activity;sid:81117298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm"; http_uri; depth:23; isdataat:!1,relative; content:"185.112.250.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254197/; classtype:trojan-activity;sid:81117297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm5"; http_uri; depth:24; isdataat:!1,relative; content:"185.112.250.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254196/; classtype:trojan-activity;sid:81117296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.spc"; http_uri; depth:23; isdataat:!1,relative; content:"185.112.250.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254195/; classtype:trojan-activity;sid:81117295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"39.120.177.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254194/; classtype:trojan-activity;sid:81117294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.x86"; http_uri; depth:23; isdataat:!1,relative; content:"185.112.250.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254193/; classtype:trojan-activity;sid:81117293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm6"; http_uri; depth:24; isdataat:!1,relative; content:"185.112.250.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254192/; classtype:trojan-activity;sid:81117292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.sh4"; http_uri; depth:23; isdataat:!1,relative; content:"185.112.250.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254191/; classtype:trojan-activity;sid:81117291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm7"; http_uri; depth:24; isdataat:!1,relative; content:"185.112.250.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254189/; classtype:trojan-activity;sid:81117289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"68.174.119.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254188/; classtype:trojan-activity;sid:81117288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+-%20/tmp/gpon80"; http_uri; depth:26; isdataat:!1,relative; content:"111.42.102.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254187/; classtype:trojan-activity;sid:81117287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dlkc3/f0x0011/"; http_uri; depth:15; isdataat:!1,relative; content:"qa-home.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254186/; classtype:trojan-activity;sid:81117286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/research/kigv66476/"; http_uri; depth:20; isdataat:!1,relative; content:"www.redmediasigns.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254185/; classtype:trojan-activity;sid:81117285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a92uw/3huyh88912/"; http_uri; depth:18; isdataat:!1,relative; content:"ruanyun123.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254184/; classtype:trojan-activity;sid:81117284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/9ej40364/"; http_uri; depth:21; isdataat:!1,relative; content:"www.dollsqueens.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254183/; classtype:trojan-activity;sid:81117283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/nxcrv2/"; http_uri; depth:19; isdataat:!1,relative; content:"inter-mvietnam.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_15; reference:url, urlhaus.abuse.ch/url/254181/; classtype:trojan-activity;sid:81117281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pb4v0p/"; http_uri; depth:19; isdataat:!1,relative; content:"clearsolutionow.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254180/; classtype:trojan-activity;sid:81117280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bivgg/5o7bg/"; http_uri; depth:13; isdataat:!1,relative; content:"adhesive.bengalgroup.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254179/; classtype:trojan-activity;sid:81117279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/l/"; http_uri; depth:15; isdataat:!1,relative; content:"copaallianzgilling.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254178/; classtype:trojan-activity;sid:81117278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/qvuqz/"; http_uri; depth:16; isdataat:!1,relative; content:"merttasarim.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254177/; classtype:trojan-activity;sid:81117277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/edhlnz/8jufg9q/"; http_uri; depth:16; isdataat:!1,relative; content:"www.hineniestetica.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254176/; classtype:trojan-activity;sid:81117276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"2.56.8.146"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254175/; classtype:trojan-activity;sid:81117275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"2.56.8.146"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254174/; classtype:trojan-activity;sid:81117274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"2.56.8.146"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254173/; classtype:trojan-activity;sid:81117273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"2.56.8.146"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254172/; classtype:trojan-activity;sid:81117272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"2.56.8.146"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254171/; classtype:trojan-activity;sid:81117271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"2.56.8.146"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254170/; classtype:trojan-activity;sid:81117270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"2.56.8.146"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254169/; classtype:trojan-activity;sid:81117269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"2.56.8.146"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254168/; classtype:trojan-activity;sid:81117268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"2.56.8.146"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254167/; classtype:trojan-activity;sid:81117267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"2.56.8.146"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254166/; classtype:trojan-activity;sid:81117266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"2.56.8.146"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254165/; classtype:trojan-activity;sid:81117265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"2.56.8.146"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254164/; classtype:trojan-activity;sid:81117264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; content:"2.56.8.146"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254162/; classtype:trojan-activity;sid:81117262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/astra.spc"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254161/; classtype:trojan-activity;sid:81117261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/astra.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254160/; classtype:trojan-activity;sid:81117260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/astra.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254159/; classtype:trojan-activity;sid:81117259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/astra.i686"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254158/; classtype:trojan-activity;sid:81117258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/astra.arm"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254157/; classtype:trojan-activity;sid:81117257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/astra.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254156/; classtype:trojan-activity;sid:81117256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/astra.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254155/; classtype:trojan-activity;sid:81117255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/astra.mips"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254154/; classtype:trojan-activity;sid:81117254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/astra.x86"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254153/; classtype:trojan-activity;sid:81117253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/astra.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254152/; classtype:trojan-activity;sid:81117252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/astra.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254151/; classtype:trojan-activity;sid:81117251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/astra.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254150/; classtype:trojan-activity;sid:81117250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dsdfcvxvdsf.exe"; http_uri; depth:16; isdataat:!1,relative; content:"www.immersifi.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254149/; classtype:trojan-activity;sid:81117249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dontstop/1c.jpg"; http_uri; depth:16; isdataat:!1,relative; content:"s122112.gridserver.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254147/; classtype:trojan-activity;sid:81117247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dontstop/1c.jpg"; http_uri; depth:16; isdataat:!1,relative; content:"ohdratdigital.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254146/; classtype:trojan-activity;sid:81117246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/br/kv.exe"; http_uri; depth:10; isdataat:!1,relative; content:"esportcenter.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254144/; classtype:trojan-activity;sid:81117244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/ybbsalp/"; http_uri; depth:17; isdataat:!1,relative; content:"studiofotogenik.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254143/; classtype:trojan-activity;sid:81117243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/class.service/ndoidxnvf/"; http_uri; depth:25; isdataat:!1,relative; content:"bonekabonekaku.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254142/; classtype:trojan-activity;sid:81117242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/nlhvvlp/"; http_uri; depth:21; isdataat:!1,relative; content:"www.egolandseduccion.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254141/; classtype:trojan-activity;sid:81117241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pkiolvaj/"; http_uri; depth:21; isdataat:!1,relative; content:"andrewharmon.x10host.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254140/; classtype:trojan-activity;sid:81117240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0fgx/bsl8e5dxuc-lpcwo9beha-1390894031/"; http_uri; depth:39; isdataat:!1,relative; content:"jjcardsandgifts.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254138/; classtype:trojan-activity;sid:81117238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/cod.exe"; http_uri; depth:17; isdataat:!1,relative; content:"www.espace-developpement.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254137/; classtype:trojan-activity;sid:81117237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/max.exe"; http_uri; depth:17; isdataat:!1,relative; content:"www.espace-developpement.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254136/; classtype:trojan-activity;sid:81117236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pyrd/.........--...-.-.-.-.--....-.----...----.-.---..doc"; http_uri; depth:58; isdataat:!1,relative; content:"windows.firewall-gateway.de"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254134/; classtype:trojan-activity;sid:81117234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/product_ajax/4l4/"; http_uri; depth:18; isdataat:!1,relative; content:"www.ketobes.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254133/; classtype:trojan-activity;sid:81117233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/6yjq3/"; http_uri; depth:18; isdataat:!1,relative; content:"www.cleaningbusinessinstitute.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254132/; classtype:trojan-activity;sid:81117232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/1wty7v715/"; http_uri; depth:15; isdataat:!1,relative; content:"koshishmarketing.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254131/; classtype:trojan-activity;sid:81117231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/iy6ux613260/"; http_uri; depth:24; isdataat:!1,relative; content:"buildingsandpools.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254130/; classtype:trojan-activity;sid:81117230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/984/"; http_uri; depth:14; isdataat:!1,relative; content:"calamusonline.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254129/; classtype:trojan-activity;sid:81117229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/u/"; http_uri; depth:15; isdataat:!1,relative; content:"www.caiwuje.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254128/; classtype:trojan-activity;sid:81117228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sitemap/phr/"; http_uri; depth:13; isdataat:!1,relative; content:"broomheadbar.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254127/; classtype:trojan-activity;sid:81117227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ivpeum/"; http_uri; depth:20; isdataat:!1,relative; content:"neverlandvietnam.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254126/; classtype:trojan-activity;sid:81117226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/vimeography/zcn/"; http_uri; depth:28; isdataat:!1,relative; content:"mountzionsnellville.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254125/; classtype:trojan-activity;sid:81117225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/engl/n/"; http_uri; depth:8; isdataat:!1,relative; content:"seabobcuracao.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254124/; classtype:trojan-activity;sid:81117224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254123/; classtype:trojan-activity;sid:81117223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"82.81.172.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254122/; classtype:trojan-activity;sid:81117222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254121/; classtype:trojan-activity;sid:81117221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254120/; classtype:trojan-activity;sid:81117220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254119/; classtype:trojan-activity;sid:81117219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254118/; classtype:trojan-activity;sid:81117218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254117/; classtype:trojan-activity;sid:81117217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254116/; classtype:trojan-activity;sid:81117216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254115/; classtype:trojan-activity;sid:81117215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254114/; classtype:trojan-activity;sid:81117214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254113/; classtype:trojan-activity;sid:81117213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254111/; classtype:trojan-activity;sid:81117211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/14f.msi"; http_uri; depth:8; isdataat:!1,relative; content:"unitedindirt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254110/; classtype:trojan-activity;sid:81117210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kraken.exe"; http_uri; depth:11; isdataat:!1,relative; content:"versacecommunity.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254109/; classtype:trojan-activity;sid:81117209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/6509877.hta"; http_uri; depth:14; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254108/; classtype:trojan-activity;sid:81117208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/4107088.hta"; http_uri; depth:14; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254107/; classtype:trojan-activity;sid:81117207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/1065200.hta"; http_uri; depth:14; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254106/; classtype:trojan-activity;sid:81117206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/336219.hta"; http_uri; depth:13; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254105/; classtype:trojan-activity;sid:81117205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/putty.jpg"; http_uri; depth:12; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254104/; classtype:trojan-activity;sid:81117204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/_outpute4a092f.jpg"; http_uri; depth:21; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254103/; classtype:trojan-activity;sid:81117203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/65780410.jpg"; http_uri; depth:15; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254102/; classtype:trojan-activity;sid:81117202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/56908001.jpg"; http_uri; depth:15; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254101/; classtype:trojan-activity;sid:81117201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/13067890.exe"; http_uri; depth:15; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254100/; classtype:trojan-activity;sid:81117200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/6509877.exe"; http_uri; depth:14; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254099/; classtype:trojan-activity;sid:81117199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/5313078.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254098/; classtype:trojan-activity;sid:81117198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/2609112.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254097/; classtype:trojan-activity;sid:81117197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/1065200.exe"; http_uri; depth:14; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254096/; classtype:trojan-activity;sid:81117196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/205911.jpg"; http_uri; depth:13; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254094/; classtype:trojan-activity;sid:81117194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/336219.exe"; http_uri; depth:13; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254095/; classtype:trojan-activity;sid:81117195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/20981.exe"; http_uri; depth:12; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254093/; classtype:trojan-activity;sid:81117193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/11206.jpg"; http_uri; depth:12; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254092/; classtype:trojan-activity;sid:81117192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/4107088.exe"; http_uri; depth:14; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254091/; classtype:trojan-activity;sid:81117191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7/usermetu.jpg"; http_uri; depth:15; isdataat:!1,relative; content:"35.181.60.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254090/; classtype:trojan-activity;sid:81117190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/directdeposit/ach/rem1.exe"; http_uri; depth:27; isdataat:!1,relative; content:"globalpaymentportal.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254089/; classtype:trojan-activity;sid:81117189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/directdeposit/ach/hostask.exe"; http_uri; depth:30; isdataat:!1,relative; content:"globalpaymentportal.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254088/; classtype:trojan-activity;sid:81117188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/execute/purchase.ps1"; http_uri; depth:21; isdataat:!1,relative; content:"globalpaymentportal.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254087/; classtype:trojan-activity;sid:81117187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xrbgrev5"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254086/; classtype:trojan-activity;sid:81117186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/smtirp5s"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254085/; classtype:trojan-activity;sid:81117185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xhfpmhew"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254084/; classtype:trojan-activity;sid:81117184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wp-content/uploads/2019/11/up/aaaa.png"; http_uri; depth:42; isdataat:!1,relative; content:"andrewharmon.x10host.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254083/; classtype:trojan-activity;sid:81117183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/11/goods/4729.zip"; http_uri; depth:42; isdataat:!1,relative; content:"dropshipbay.co.uk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254082/; classtype:trojan-activity;sid:81117182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"189.33.57.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254080/; classtype:trojan-activity;sid:81117180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vtv5kuo6/f6jb17/"; http_uri; depth:17; isdataat:!1,relative; content:"www.andro-400.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254079/; classtype:trojan-activity;sid:81117179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/6r/"; http_uri; depth:16; isdataat:!1,relative; content:"www.vtrgpromotions.us"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254078/; classtype:trojan-activity;sid:81117178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/seoredirect/ago/"; http_uri; depth:17; isdataat:!1,relative; content:"prevelo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254077/; classtype:trojan-activity;sid:81117177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ehzu/62dw/"; http_uri; depth:11; isdataat:!1,relative; content:"caspertour.asc-florida.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254076/; classtype:trojan-activity;sid:81117176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/wp_systems32.1/ywe0kavz/"; http_uri; depth:44; isdataat:!1,relative; content:"anovatrade-corp.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254075/; classtype:trojan-activity;sid:81117175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jmdmza2i"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254074/; classtype:trojan-activity;sid:81117174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pyrd/vbc.exe"; http_uri; depth:13; isdataat:!1,relative; content:"windows.firewall-gateway.de"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254072/; classtype:trojan-activity;sid:81117172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pdoi41.exe"; http_uri; depth:11; isdataat:!1,relative; content:"www.cocotraffic.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254071/; classtype:trojan-activity;sid:81117171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/593100084615315456/607170896389472267/freeqn.exe"; http_uri; depth:61; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254070/; classtype:trojan-activity;sid:81117170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/l5drswri"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254069/; classtype:trojan-activity;sid:81117169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/cgi-bin/docs/2c.jpg"; http_uri; depth:23; isdataat:!1,relative; content:"magda.zelentourism.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254068/; classtype:trojan-activity;sid:81117168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/belle/js/2c.jpg"; http_uri; depth:34; isdataat:!1,relative; content:"smile-lover.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254067/; classtype:trojan-activity;sid:81117167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/pki-validation/payments/iaft9clj2e/2c.jpg"; http_uri; depth:54; isdataat:!1,relative; content:"lemapfrance.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254066/; classtype:trojan-activity;sid:81117166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/static/css/2c.jpg"; http_uri; depth:18; isdataat:!1,relative; content:"dolphin.cash"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254065/; classtype:trojan-activity;sid:81117165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/hueman/page-templates/2c.jpg"; http_uri; depth:47; isdataat:!1,relative; content:"rantucci.it"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254063/; classtype:trojan-activity;sid:81117163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentyten/languages/2c.jpg"; http_uri; depth:45; isdataat:!1,relative; content:"ohdratdigital.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254062/; classtype:trojan-activity;sid:81117162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/languages/plugins/doc/q2lqh/2c.jpg"; http_uri; depth:46; isdataat:!1,relative; content:"sacramentobouncers.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254060/; classtype:trojan-activity;sid:81117160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ae0fn9qq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254059/; classtype:trojan-activity;sid:81117159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sad/chime.exe"; http_uri; depth:14; isdataat:!1,relative; content:"fast-yoron-5181.fakefur.jp"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254058/; classtype:trojan-activity;sid:81117158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/643502182473269259/644420414617026560/sales_contract56432897611_____pdf.gz"; http_uri; depth:87; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254056/; classtype:trojan-activity;sid:81117156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/643502182473269259/644420414617026560/sales_contract56432897611_____pdf.gz"; http_uri; depth:87; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254055/; classtype:trojan-activity;sid:81117155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/iucvz0qf"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254054/; classtype:trojan-activity;sid:81117154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fro_pdf_plugin"; http_uri; depth:15; isdataat:!1,relative; content:"ec2-34-219-235-224.us-west-2.compute.amazonaws.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254053/; classtype:trojan-activity;sid:81117153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/7gt7jvc6"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254052/; classtype:trojan-activity;sid:81117152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/y7ujmvhd"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254051/; classtype:trojan-activity;sid:81117151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kn4bbgrm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254050/; classtype:trojan-activity;sid:81117150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/g8dqwg/qxfuiov/"; http_uri; depth:16; isdataat:!1,relative; content:"vitakredite.ch"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254049/; classtype:trojan-activity;sid:81117149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/judn-azni-5975749061/"; http_uri; depth:33; isdataat:!1,relative; content:"australianjobs.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254048/; classtype:trojan-activity;sid:81117148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2cbza7bxhv47/cauoaxa/"; http_uri; depth:22; isdataat:!1,relative; content:"albatross2018.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254047/; classtype:trojan-activity;sid:81117147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/024krtfz-ngvdek5cbx-32251/"; http_uri; depth:39; isdataat:!1,relative; content:"sternen-kind.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254046/; classtype:trojan-activity;sid:81117146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yotei/5qse9kbx83-3tb4s-91455/"; http_uri; depth:30; isdataat:!1,relative; content:"sneakerstyle.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254045/; classtype:trojan-activity;sid:81117145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/5ijmykm/0gj8/"; http_uri; depth:14; isdataat:!1,relative; content:"chobouillant.ch"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254044/; classtype:trojan-activity;sid:81117144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/framework.lift/bowb/"; http_uri; depth:21; isdataat:!1,relative; content:"www.aquafreshvk.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254043/; classtype:trojan-activity;sid:81117143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/o7z005hnvr/2afisx/"; http_uri; depth:19; isdataat:!1,relative; content:"riemannlaw.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254042/; classtype:trojan-activity;sid:81117142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x3arjey/s9ayn34/"; http_uri; depth:17; isdataat:!1,relative; content:"www.royaltyofchristkiddes.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254041/; classtype:trojan-activity;sid:81117141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pdz/"; http_uri; depth:16; isdataat:!1,relative; content:"statisticsinabox.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254040/; classtype:trojan-activity;sid:81117140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pub/mal/jd.vbe"; http_uri; depth:15; isdataat:!1,relative; content:"ch0wn.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254039/; classtype:trojan-activity;sid:81117139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/membership/n9092/"; http_uri; depth:18; isdataat:!1,relative; content:"doorsecurityy.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254038/; classtype:trojan-activity;sid:81117138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/summary/o8499/"; http_uri; depth:15; isdataat:!1,relative; content:"bigdiamondeals.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254037/; classtype:trojan-activity;sid:81117137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gh9hz1m/oaw833/"; http_uri; depth:16; isdataat:!1,relative; content:"www.yogamatlife.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254036/; classtype:trojan-activity;sid:81117136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chakamobile/6t55906/"; http_uri; depth:21; isdataat:!1,relative; content:"www.chakamobile.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254035/; classtype:trojan-activity;sid:81117135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/wpbsk79131/"; http_uri; depth:20; isdataat:!1,relative; content:"hopebuildersusa.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254034/; classtype:trojan-activity;sid:81117134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/whttttttttt.exe"; http_uri; depth:16; isdataat:!1,relative; content:"curly-yoron-0282.sunnyday.jp"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254033/; classtype:trojan-activity;sid:81117133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sidu40.exe"; http_uri; depth:11; isdataat:!1,relative; content:"www.immersifi.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254032/; classtype:trojan-activity;sid:81117132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tami/kafox.zip"; http_uri; depth:15; isdataat:!1,relative; content:"alg0sec.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254031/; classtype:trojan-activity;sid:81117131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tami/kafox.txt"; http_uri; depth:15; isdataat:!1,relative; content:"alg0sec.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254030/; classtype:trojan-activity;sid:81117130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bin.txt"; http_uri; depth:8; isdataat:!1,relative; content:"alg0sec.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254029/; classtype:trojan-activity;sid:81117129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/signedinv.txt"; http_uri; depth:14; isdataat:!1,relative; content:"alg0sec.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254028/; classtype:trojan-activity;sid:81117128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/signedinvoice.txt"; http_uri; depth:18; isdataat:!1,relative; content:"alg0sec.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254027/; classtype:trojan-activity;sid:81117127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/use.txt"; http_uri; depth:8; isdataat:!1,relative; content:"alg0sec.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254026/; classtype:trojan-activity;sid:81117126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=latrya12.cab"; http_uri; depth:32; isdataat:!1,relative; content:"armetulisy.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254025/; classtype:trojan-activity;sid:81117125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=latrya11.cab"; http_uri; depth:32; isdataat:!1,relative; content:"armetulisy.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254024/; classtype:trojan-activity;sid:81117124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=latrya10.cab"; http_uri; depth:32; isdataat:!1,relative; content:"armetulisy.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254023/; classtype:trojan-activity;sid:81117123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=latrya3.cab"; http_uri; depth:31; isdataat:!1,relative; content:"zorienelan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254022/; classtype:trojan-activity;sid:81117122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=latrya2.cab"; http_uri; depth:31; isdataat:!1,relative; content:"zorienelan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254021/; classtype:trojan-activity;sid:81117121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=latrya1.cab"; http_uri; depth:31; isdataat:!1,relative; content:"zorienelan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254020/; classtype:trojan-activity;sid:81117120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=latrya6.cab"; http_uri; depth:31; isdataat:!1,relative; content:"sphotethee.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254019/; classtype:trojan-activity;sid:81117119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=latrya5.cab"; http_uri; depth:31; isdataat:!1,relative; content:"sphotethee.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254018/; classtype:trojan-activity;sid:81117118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=latrya3.cab"; http_uri; depth:31; isdataat:!1,relative; content:"sphotethee.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254017/; classtype:trojan-activity;sid:81117117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=latrya9.cab"; http_uri; depth:31; isdataat:!1,relative; content:"curcipleaf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254016/; classtype:trojan-activity;sid:81117116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=latrya8.cab"; http_uri; depth:31; isdataat:!1,relative; content:"curcipleaf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254015/; classtype:trojan-activity;sid:81117115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obedle/zarref.phpl=latrya7.cab"; http_uri; depth:31; isdataat:!1,relative; content:"curcipleaf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254014/; classtype:trojan-activity;sid:81117114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p43jtg.exe"; http_uri; depth:11; isdataat:!1,relative; content:"tisdalecpa.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254013/; classtype:trojan-activity;sid:81117113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p41ijwmk.exe"; http_uri; depth:13; isdataat:!1,relative; content:"relicabs.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254012/; classtype:trojan-activity;sid:81117112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/ourus/1.exe"; http_uri; depth:17; isdataat:!1,relative; content:"upload-stat2.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254011/; classtype:trojan-activity;sid:81117111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nkjhxcfg.exe"; http_uri; depth:13; isdataat:!1,relative; content:"xcvzxf.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254010/; classtype:trojan-activity;sid:81117110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pkjsdhfsd.exe"; http_uri; depth:14; isdataat:!1,relative; content:"xcvzxf.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254009/; classtype:trojan-activity;sid:81117109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/5c/"; http_uri; depth:13; isdataat:!1,relative; content:"alfredobajc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254008/; classtype:trojan-activity;sid:81117108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/package/cqw/"; http_uri; depth:13; isdataat:!1,relative; content:"www.altn.com.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254007/; classtype:trojan-activity;sid:81117107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/link-to-us/ru5/"; http_uri; depth:16; isdataat:!1,relative; content:"kd-gestion.ch"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254006/; classtype:trojan-activity;sid:81117106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zotlh/dm4/"; http_uri; depth:11; isdataat:!1,relative; content:"cormetal.eu"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254005/; classtype:trojan-activity;sid:81117105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2t2ilul/zoj5zkyv65/"; http_uri; depth:20; isdataat:!1,relative; content:"www.assurpresse.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254004/; classtype:trojan-activity;sid:81117104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug.x86"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254003/; classtype:trojan-activity;sid:81117103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254002/; classtype:trojan-activity;sid:81117102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug.i686"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254001/; classtype:trojan-activity;sid:81117101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/254000/; classtype:trojan-activity;sid:81117100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug.arm"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253999/; classtype:trojan-activity;sid:81117099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rwa/89ky3v439/"; http_uri; depth:15; isdataat:!1,relative; content:"shauriegrosir.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253998/; classtype:trojan-activity;sid:81117098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/j595/"; http_uri; depth:18; isdataat:!1,relative; content:"practicalpeso.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253997/; classtype:trojan-activity;sid:81117097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/i2z620280/"; http_uri; depth:20; isdataat:!1,relative; content:"cometadistribuzioneshop.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253996/; classtype:trojan-activity;sid:81117096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/57374/"; http_uri; depth:16; isdataat:!1,relative; content:"www.thenyweekly.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253995/; classtype:trojan-activity;sid:81117095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/av25r1k0/"; http_uri; depth:19; isdataat:!1,relative; content:"abantesabogados.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253994/; classtype:trojan-activity;sid:81117094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"167.172.228.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253993/; classtype:trojan-activity;sid:81117093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"167.172.228.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253992/; classtype:trojan-activity;sid:81117092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/java8000"; http_uri; depth:9; isdataat:!1,relative; content:"23.247.82.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253991/; classtype:trojan-activity;sid:81117091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"167.172.228.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253990/; classtype:trojan-activity;sid:81117090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; content:"167.172.228.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253989/; classtype:trojan-activity;sid:81117089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"167.172.228.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253988/; classtype:trojan-activity;sid:81117088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"167.172.228.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253987/; classtype:trojan-activity;sid:81117087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"167.172.228.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253985/; classtype:trojan-activity;sid:81117085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"167.172.228.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253984/; classtype:trojan-activity;sid:81117084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"167.172.228.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253983/; classtype:trojan-activity;sid:81117083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"167.172.228.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253982/; classtype:trojan-activity;sid:81117082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"167.172.228.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253981/; classtype:trojan-activity;sid:81117081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/br/kv.exe"; http_uri; depth:10; isdataat:!1,relative; content:"www.esportcenter.pl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253980/; classtype:trojan-activity;sid:81117080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nk8b72hr2/jgfmiiedk/"; http_uri; depth:21; isdataat:!1,relative; content:"smartoria.it"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253979/; classtype:trojan-activity;sid:81117079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/margaritadsg.com/ojsqdow/"; http_uri; depth:26; isdataat:!1,relative; content:"digitsols.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253978/; classtype:trojan-activity;sid:81117078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/xmt6ku5-plq8-53219773/"; http_uri; depth:27; isdataat:!1,relative; content:"agenta.airosgroup.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253977/; classtype:trojan-activity;sid:81117077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/npbvs8q-hw9h7u1k-5188/"; http_uri; depth:32; isdataat:!1,relative; content:"blogbattalionelite.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253976/; classtype:trojan-activity;sid:81117076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/create_sitemap/xhzlg-yhct7-22183398/"; http_uri; depth:37; isdataat:!1,relative; content:"jasaundanganonline.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253975/; classtype:trojan-activity;sid:81117075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zhengwuxinxi/zhengcefabu/201606/p020160629637167338210.xls"; http_uri; depth:59; isdataat:!1,relative; content:"gss.mof.gov.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253974/; classtype:trojan-activity;sid:81117074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/codedonce/codedonce.exe"; http_uri; depth:24; isdataat:!1,relative; content:"dubem.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253973/; classtype:trojan-activity;sid:81117073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"183.102.238.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253972/; classtype:trojan-activity;sid:81117072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test-page/iw751g23/"; http_uri; depth:20; isdataat:!1,relative; content:"kellibrookedev.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253971/; classtype:trojan-activity;sid:81117071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/u3hue792/"; http_uri; depth:18; isdataat:!1,relative; content:"benchpressadvantage.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253970/; classtype:trojan-activity;sid:81117070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/old/m09p60847/"; http_uri; depth:15; isdataat:!1,relative; content:"theridesharemall.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253969/; classtype:trojan-activity;sid:81117069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9js2sal/480/"; http_uri; depth:13; isdataat:!1,relative; content:"www.bademandirguruji.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253968/; classtype:trojan-activity;sid:81117068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/saz7f13629/"; http_uri; depth:21; isdataat:!1,relative; content:"www.uyghurchem.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253967/; classtype:trojan-activity;sid:81117067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sloth_admin/mp/"; http_uri; depth:16; isdataat:!1,relative; content:"firstcoastrestoration.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253966/; classtype:trojan-activity;sid:81117066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tpmsydq/ei0/"; http_uri; depth:13; isdataat:!1,relative; content:"integralc.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253965/; classtype:trojan-activity;sid:81117065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7pszu7gx2gyo/0bx2/"; http_uri; depth:19; isdataat:!1,relative; content:"ayfp.org"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253964/; classtype:trojan-activity;sid:81117064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/4i6f/"; http_uri; depth:10; isdataat:!1,relative; content:"gogatesolutions.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253963/; classtype:trojan-activity;sid:81117063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/aa2bz9c1ny/"; http_uri; depth:21; isdataat:!1,relative; content:"sundeckdestinations.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253962/; classtype:trojan-activity;sid:81117062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; content:"185.112.250.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253961/; classtype:trojan-activity;sid:81117061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"211.137.225.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253960/; classtype:trojan-activity;sid:81117060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/08/drsstor.bin"; http_uri; depth:39; isdataat:!1,relative; content:"ogabengineering.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253959/; classtype:trojan-activity;sid:81117059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.x86"; http_uri; depth:11; isdataat:!1,relative; content:"cnc.isisnet.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253958/; classtype:trojan-activity;sid:81117058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"cnc.isisnet.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253957/; classtype:trojan-activity;sid:81117057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.i686"; http_uri; depth:12; isdataat:!1,relative; content:"cnc.isisnet.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253956/; classtype:trojan-activity;sid:81117056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.arm7"; http_uri; depth:12; isdataat:!1,relative; content:"cnc.isisnet.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253955/; classtype:trojan-activity;sid:81117055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.arm5"; http_uri; depth:12; isdataat:!1,relative; content:"cnc.isisnet.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253954/; classtype:trojan-activity;sid:81117054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.arm"; http_uri; depth:11; isdataat:!1,relative; content:"cnc.isisnet.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253953/; classtype:trojan-activity;sid:81117053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.i686"; http_uri; depth:12; isdataat:!1,relative; content:"142.11.212.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253952/; classtype:trojan-activity;sid:81117052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.arm7"; http_uri; depth:12; isdataat:!1,relative; content:"142.11.212.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253951/; classtype:trojan-activity;sid:81117051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.arm"; http_uri; depth:11; isdataat:!1,relative; content:"142.11.212.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253950/; classtype:trojan-activity;sid:81117050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253949/; classtype:trojan-activity;sid:81117049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253948/; classtype:trojan-activity;sid:81117048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253947/; classtype:trojan-activity;sid:81117047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253946/; classtype:trojan-activity;sid:81117046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253945/; classtype:trojan-activity;sid:81117045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253944/; classtype:trojan-activity;sid:81117044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253943/; classtype:trojan-activity;sid:81117043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253942/; classtype:trojan-activity;sid:81117042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253941/; classtype:trojan-activity;sid:81117041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253940/; classtype:trojan-activity;sid:81117040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"212.143.172.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253939/; classtype:trojan-activity;sid:81117039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"178.156.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253938/; classtype:trojan-activity;sid:81117038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/win2.png"; http_uri; depth:9; isdataat:!1,relative; content:"193.3.247.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253933/; classtype:trojan-activity;sid:81117033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tin.png"; http_uri; depth:8; isdataat:!1,relative; content:"193.3.247.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253932/; classtype:trojan-activity;sid:81117032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tin.exe"; http_uri; depth:8; isdataat:!1,relative; content:"193.3.247.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253931/; classtype:trojan-activity;sid:81117031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sin.png"; http_uri; depth:8; isdataat:!1,relative; content:"193.3.247.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253930/; classtype:trojan-activity;sid:81117030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tin64.exe"; http_uri; depth:10; isdataat:!1,relative; content:"193.3.247.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253929/; classtype:trojan-activity;sid:81117029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/swaxzsdert.exe"; http_uri; depth:15; isdataat:!1,relative; content:"193.3.247.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253928/; classtype:trojan-activity;sid:81117028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253926/; classtype:trojan-activity;sid:81117026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/akemi.i686"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253925/; classtype:trojan-activity;sid:81117025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/akemi.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253923/; classtype:trojan-activity;sid:81117023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/akemi.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253922/; classtype:trojan-activity;sid:81117022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/akemi.spc"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253921/; classtype:trojan-activity;sid:81117021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/akemi.x86"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253920/; classtype:trojan-activity;sid:81117020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/akemi.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253919/; classtype:trojan-activity;sid:81117019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/akemi.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253918/; classtype:trojan-activity;sid:81117018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/akemi.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253917/; classtype:trojan-activity;sid:81117017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/akemi.arm"; http_uri; depth:15; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253916/; classtype:trojan-activity;sid:81117016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/akemi.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253915/; classtype:trojan-activity;sid:81117015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"45.238.247.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253914/; classtype:trojan-activity;sid:81117014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/akemi.mips"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253913/; classtype:trojan-activity;sid:81117013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/akemi.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"185.112.249.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253911/; classtype:trojan-activity;sid:81117011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/tqawnw5fvo/"; http_uri; depth:20; isdataat:!1,relative; content:"wearekicks.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253910/; classtype:trojan-activity;sid:81117010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/ngi/"; http_uri; depth:13; isdataat:!1,relative; content:"mbaventures.biz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253909/; classtype:trojan-activity;sid:81117009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/m70nxy/"; http_uri; depth:17; isdataat:!1,relative; content:"fillmorecorp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253908/; classtype:trojan-activity;sid:81117008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/x/"; http_uri; depth:14; isdataat:!1,relative; content:"ds-stoneroots.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253907/; classtype:trojan-activity;sid:81117007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0js9i/voa20/"; http_uri; depth:13; isdataat:!1,relative; content:"www.oakessitecontractors.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_11_14; reference:url, urlhaus.abuse.ch/url/253906/; classtype:trojan-activity;sid:81117006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/w87q6/"; http_uri; depth:18; isdataat:!1,relative; content:"www.typonteq.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253905/; classtype:trojan-activity;sid:81117005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/createuser/mxqd13529/"; http_uri; depth:22; isdataat:!1,relative; content:"pristinequill.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253904/; classtype:trojan-activity;sid:81117004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m4m_tools/v571/"; http_uri; depth:16; isdataat:!1,relative; content:"elialamberto.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253903/; classtype:trojan-activity;sid:81117003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/07k2z9q72485/"; http_uri; depth:22; isdataat:!1,relative; content:"telltheworld.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253902/; classtype:trojan-activity;sid:81117002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/jqb2jc194/"; http_uri; depth:20; isdataat:!1,relative; content:"alfacars-airport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253901/; classtype:trojan-activity;sid:81117001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a.mipsel"; http_uri; depth:9; isdataat:!1,relative; content:"91.211.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253900/; classtype:trojan-activity;sid:81117000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a.arm"; http_uri; depth:6; isdataat:!1,relative; content:"91.211.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253899/; classtype:trojan-activity;sid:81116999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a.arm7"; http_uri; depth:7; isdataat:!1,relative; content:"91.211.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253898/; classtype:trojan-activity;sid:81116998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a.mips"; http_uri; depth:7; isdataat:!1,relative; content:"91.211.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253897/; classtype:trojan-activity;sid:81116997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a.x86"; http_uri; depth:6; isdataat:!1,relative; content:"91.211.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253896/; classtype:trojan-activity;sid:81116996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh4"; http_uri; depth:6; isdataat:!1,relative; content:"91.211.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253895/; classtype:trojan-activity;sid:81116995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; content:"192.119.74.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253894/; classtype:trojan-activity;sid:81116994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a.arm5"; http_uri; depth:7; isdataat:!1,relative; content:"91.211.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253893/; classtype:trojan-activity;sid:81116993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xunw24/5namu-e4ihyveh7-83/"; http_uri; depth:27; isdataat:!1,relative; content:"www.design-store.it"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253892/; classtype:trojan-activity;sid:81116992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rknfr/ynotf1w-8t79-59831828/"; http_uri; depth:29; isdataat:!1,relative; content:"simplicefogue.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253891/; classtype:trojan-activity;sid:81116991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/e2imncs0y/zpijeoquv/"; http_uri; depth:21; isdataat:!1,relative; content:"rezilyent1.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253890/; classtype:trojan-activity;sid:81116990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m2iqaxgm9eb/ctjngc/"; http_uri; depth:20; isdataat:!1,relative; content:"toxic-lemon.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253889/; classtype:trojan-activity;sid:81116989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/c3wzj22p8-7yf9jes-7673396282/"; http_uri; depth:42; isdataat:!1,relative; content:"food.com.au"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253888/; classtype:trojan-activity;sid:81116988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p43jtg.exe"; http_uri; depth:11; isdataat:!1,relative; content:"www.tisdalecpa.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253887/; classtype:trojan-activity;sid:81116987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/unyson/framework/static/libs/entypo/1.exe1.c1"; http_uri; depth:65; isdataat:!1,relative; content:"unique-visa.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253886/; classtype:trojan-activity;sid:81116986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/apikey/neocak.exe"; http_uri; depth:37; isdataat:!1,relative; content:"www.aflah.se"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253885/; classtype:trojan-activity;sid:81116985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p41ijwmk.exe"; http_uri; depth:13; isdataat:!1,relative; content:"www.relicabs.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253884/; classtype:trojan-activity;sid:81116984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/05f6df09-9d5e-47cf-b12e-a50d61be1488/downloads/b44b2aee-66a9-48de-a57e-38ee934ff0be/setup2.exesignature=vskih9e0c5zu0uh8ocw3hwxblr8%3d|26|expires=1573683078|26|awsaccesskeyid=akiaiqwxw6wlxmb5qzaq|26|versionid=9rj0wa8wm02q6gnbd8pnlgom9q4jlbth|26|response-content-disposition=attachment%3b%20filename%3d%22setup2.exe%22"; http_uri; depth:318; isdataat:!1,relative; content:"bbuseruploads.s3.amazonaws.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253883/; classtype:trojan-activity;sid:81116983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/05f6df09-9d5e-47cf-b12e-a50d61be1488/downloads/b7f4e2e6-8eb2-4071-8c6d-883f69391e72/setup.exesignature=1i2bkmbfmoybdzsdfrd84%2fs4vde%3d|26|expires=1573682958|26|awsaccesskeyid=akiaiqwxw6wlxmb5qzaq|26|versionid=5klh6fsxqjan4qwunj2szynpi0eal3vz|26|response-content-disposition=attachment%3b%20filename%3d%22setup.exe%22"; http_uri; depth:318; isdataat:!1,relative; content:"bbuseruploads.s3.amazonaws.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253882/; classtype:trojan-activity;sid:81116982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dirc/mscs.exe"; http_uri; depth:14; isdataat:!1,relative; content:"ecolinkcourier.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253881/; classtype:trojan-activity;sid:81116981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/09d9ef38-f696-4d83-a7ad-696f0ee8bae0/downloads/d45df702-fdc1-48fc-b27b-708c77033d2a/setup_m.exesignature=vxhksxyjdqfmeunewg7zw0lkqvm%3d|26|expires=1573681692|26|awsaccesskeyid=akiaiqwxw6wlxmb5qzaq|26|versionid=ys.cunawmheo1r0u2apzi7qnjxcptypq|26|response-content-disposition=attachment%3b%20filename%3d%22setup_m.exe%22"; http_uri; depth:320; isdataat:!1,relative; content:"bbuseruploads.s3.amazonaws.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253880/; classtype:trojan-activity;sid:81116980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/09d9ef38-f696-4d83-a7ad-696f0ee8bae0/downloads/b9fbf5d6-c95d-4e91-98c4-1105177ba8f3/setup_c.exesignature=s0f%2fkck6pdun17iz%2broczny5rxq%3d|26|expires=1573681649|26|awsaccesskeyid=akiaiqwxw6wlxmb5qzaq|26|versionid=xpw4tfzdd.uzvmp6okdg0z5l5v2icigt|26|response-content-disposition=attachment%3b%20filename%3d%22setup_c.exe%22"; http_uri; depth:324; isdataat:!1,relative; content:"bbuseruploads.s3.amazonaws.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253879/; classtype:trojan-activity;sid:81116979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/anatoliisaharoff/rep/downloads/2200.exe"; http_uri; depth:40; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253878/; classtype:trojan-activity;sid:81116978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/anatoliisaharoff/rep/downloads/lood.exe"; http_uri; depth:40; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253877/; classtype:trojan-activity;sid:81116977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/anatoliisaharoff/rep/downloads/setup2.exe"; http_uri; depth:42; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253876/; classtype:trojan-activity;sid:81116976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/anatoliisaharoff/rep/downloads/setup3.exe"; http_uri; depth:42; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253875/; classtype:trojan-activity;sid:81116975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/anatoliisaharoff/rep/downloads/setup4.exe"; http_uri; depth:42; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253874/; classtype:trojan-activity;sid:81116974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/anatoliisaharoff/rep/downloads/setup.exe"; http_uri; depth:41; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253873/; classtype:trojan-activity;sid:81116973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/anatoliisaharoff/rep/downloads/big.exe"; http_uri; depth:39; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253872/; classtype:trojan-activity;sid:81116972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.arm5"; http_uri; depth:12; isdataat:!1,relative; content:"142.11.212.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253871/; classtype:trojan-activity;sid:81116971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"142.11.212.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253870/; classtype:trojan-activity;sid:81116970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.x86"; http_uri; depth:11; isdataat:!1,relative; content:"142.11.212.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253868/; classtype:trojan-activity;sid:81116968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fastuploads/2019/downloads/setup_c.exe"; http_uri; depth:39; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253867/; classtype:trojan-activity;sid:81116967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fastuploads/2019/downloads/setup_m.exe"; http_uri; depth:39; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253866/; classtype:trojan-activity;sid:81116966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"142.11.212.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253865/; classtype:trojan-activity;sid:81116965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"142.11.212.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253864/; classtype:trojan-activity;sid:81116964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; content:"134.209.93.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253863/; classtype:trojan-activity;sid:81116963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"142.11.212.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253862/; classtype:trojan-activity;sid:81116962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.i686"; http_uri; depth:17; isdataat:!1,relative; content:"142.11.212.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253861/; classtype:trojan-activity;sid:81116961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.x86"; http_uri; depth:16; isdataat:!1,relative; content:"142.11.212.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:url, urlhaus.abuse.ch/url/253860/; classtype:trojan-activity;sid:81116960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"142.11.212.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_11_13; reference:ur